ID OPENVAS:1361412562310841049 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1480-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1480_1.nasl 14132 2019-03-13 09:25:59Z cfischer $
#
# Ubuntu Update for raptor USN-1480-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-1480-1/");
script_oid("1.3.6.1.4.1.25623.1.0.841049");
script_version("$Revision: 14132 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)");
script_cve_id("CVE-2012-0037");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_xref(name:"USN", value:"1480-1");
script_name("Ubuntu Update for raptor USN-1480-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04 LTS|12\.04 LTS|11\.10|11\.04)");
script_tag(name:"summary", value:"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1");
script_tag(name:"affected", value:"raptor on Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 11.04,
Ubuntu 10.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user's system or
potentially execute arbitrary code with the privileges of the user invoking
the program.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-1ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-7ubuntu0.1", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-5ubuntu0.1", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-2ubuntu0.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310841049", "bulletinFamily": "scanner", "title": "Ubuntu Update for raptor USN-1480-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "published": "2012-06-19T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "cvelist": ["CVE-2012-0037"], "type": "openvas", "lastseen": "2019-05-29T18:38:31", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "edition": 5, "enchantments": {"dependencies": {"modified": "2018-09-01T23:58:08", "references": [{"idList": ["SECURITYVULNS:VULN:12287", "SECURITYVULNS:DOC:27835", "SECURITYVULNS:DOC:27872"], "type": "securityvulns"}, {"idList": ["60F81AF3-7690-11E1-9423-00235A5F2C9A"], "type": "freebsd"}, {"idList": ["REDHAT-RHSA-2012-0410.NASL", "MANDRIVA_MDVSA-2012-061.NASL", "OPENSUSE-2012-187.NASL", "FREEBSD_PKG_60F81AF3769011E1942300235A5F2C9A.NASL", "MACOSX_LIBREOFFICE_351.NASL", "SL_20120322_OPENOFFICE_ORG_ON_SL5_X.NASL", "CENTOS_RHSA-2012-0410.NASL", "FEDORA_2012-10590.NASL", "MANDRIVA_MDVSA-2012-063.NASL", "DEBIAN_DSA-2438.NASL"], "type": "nessus"}, {"idList": ["SSV:30216"], "type": "seebug"}, {"idList": ["RHSA-2012:0410", "RHSA-2012:0411"], "type": "redhat"}, {"idList": ["ELSA-2012-0410"], "type": "oraclelinux"}, {"idList": ["DEBIAN:DSA-2438-1:5F194"], "type": "debian"}, {"idList": ["USN-1901-1", "USN-1480-1"], "type": "ubuntu"}, {"idList": ["CVE-2012-0037"], "type": "cve"}, {"idList": ["CESA-2012:0411", "CESA-2012:0410"], "type": "centos"}, {"idList": ["OPENVAS:841049", "OPENVAS:1361412562310864580", "OPENVAS:1361412562310864157", "OPENVAS:1361412562310831642", "OPENVAS:881155", "OPENVAS:136141256231071242", "OPENVAS:71289", "OPENVAS:864584", "OPENVAS:1361412562310864584", "OPENVAS:864157"], "type": "openvas"}, {"idList": ["GLSA-201408-19", "GLSA-201209-05"], "type": "gentoo"}]}, "score": {"value": 9.3, "vector": "NONE"}}, "hash": "e756f5b0b10c2f50835e91e2d7e550a58d99877cdbc7dd4d5a48f971907df031", "hashmap": [{"hash": "43baddaa70add1107086453517de711c", "key": "href"}, {"hash": "f1188d8ebe5727620b8baa9076b527e2", "key": "sourceData"}, {"hash": "17b15e8e016d9e5c8b6607c02bfd9924", "key": "description"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "d227a126608b1475a16d4aaf0f8d0806", "key": "pluginID"}, {"hash": "11444654809843c67bb25c23b14b8e8e", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "3c110792002b1cfad01d834c9b577a22", "key": "references"}, {"hash": "82a2a9fb29a536d769d3402e9a58e1e1", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd", "key": "cvelist"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "id": "OPENVAS:1361412562310841049", "lastseen": "2018-09-01T23:58:08", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841049", "published": "2012-06-19T00:00:00", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:58:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "edition": 2, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "39171d7cfb283f945d585397d4450392efd5931f8f5ab2757a96848824a916f8", "hashmap": [{"hash": "43baddaa70add1107086453517de711c", "key": "href"}, {"hash": "d474137195f7479873e0759711304521", "key": "modified"}, {"hash": "17b15e8e016d9e5c8b6607c02bfd9924", "key": "description"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "d227a126608b1475a16d4aaf0f8d0806", "key": "pluginID"}, {"hash": "11444654809843c67bb25c23b14b8e8e", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "b99ed15ad114121fc00630a5efc2b31b", "key": "sourceData"}, {"hash": "3c110792002b1cfad01d834c9b577a22", "key": "references"}, {"hash": "82a2a9fb29a536d769d3402e9a58e1e1", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "id": "OPENVAS:1361412562310841049", "lastseen": "2018-04-30T13:55:19", "modified": "2018-04-27T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841049", "published": "2012-06-19T00:00:00", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 9649 2018-04-27 08:45:50Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 9649 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-27 10:45:50 +0200 (Fri, 27 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name : \"summary\" , value : \"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name : \"affected\" , value : \"raptor on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\");\n script_tag(name : \"solution\" , value : \"Please Install the Updated Packages.\");\n script_tag(name : \"insight\" , value : \"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-04-30T13:55:19"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "edition": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "e756f5b0b10c2f50835e91e2d7e550a58d99877cdbc7dd4d5a48f971907df031", "hashmap": [{"hash": "43baddaa70add1107086453517de711c", "key": "href"}, {"hash": "f1188d8ebe5727620b8baa9076b527e2", "key": "sourceData"}, {"hash": "17b15e8e016d9e5c8b6607c02bfd9924", "key": "description"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "d227a126608b1475a16d4aaf0f8d0806", "key": "pluginID"}, {"hash": "11444654809843c67bb25c23b14b8e8e", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "3c110792002b1cfad01d834c9b577a22", "key": "references"}, {"hash": "82a2a9fb29a536d769d3402e9a58e1e1", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd", "key": "cvelist"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "id": "OPENVAS:1361412562310841049", "lastseen": "2018-08-24T21:36:12", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841049", "published": "2012-06-19T00:00:00", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-24T21:36:12"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-03-14T14:32:08", "references": [{"idList": ["SECURITYVULNS:VULN:12287", "SECURITYVULNS:DOC:27835", "SECURITYVULNS:DOC:27872"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310864580", "OPENVAS:71242", "OPENVAS:1361412562310864157", "OPENVAS:136141256231071242", "OPENVAS:831599", "OPENVAS:1361412562310864393", "OPENVAS:870721", "OPENVAS:1361412562310123949", "OPENVAS:831642", "OPENVAS:1361412562310864584"], "type": "openvas"}, {"idList": ["60F81AF3-7690-11E1-9423-00235A5F2C9A"], "type": "freebsd"}, {"idList": ["SSV:30216"], "type": "seebug"}, {"idList": ["RHSA-2012:0410", "RHSA-2012:0411"], "type": "redhat"}, {"idList": ["ELSA-2012-0410"], "type": "oraclelinux"}, {"idList": ["DEBIAN:DSA-2438-1:5F194"], "type": "debian"}, {"idList": ["USN-1901-1", "USN-1480-1"], "type": "ubuntu"}, {"idList": ["CVE-2012-0037"], "type": "cve"}, {"idList": ["CESA-2012:0411", "CESA-2012:0410"], "type": "centos"}, {"idList": ["MANDRIVA_MDVSA-2012-061.NASL", "OPENSUSE-2012-187.NASL", "OPENOFFICE_2012_0037.NASL", "SL_20120322_RAPTOR_ON_SL6_X.NASL", "CENTOS_RHSA-2012-0411.NASL", "REDHAT-RHSA-2012-0411.NASL", "SL_20120322_OPENOFFICE_ORG_ON_SL5_X.NASL", "FEDORA_2012-10590.NASL", "FEDORA_2012-4629.NASL", "FEDORA_2012-10591.NASL"], "type": "nessus"}, {"idList": ["GLSA-201408-19", "GLSA-201209-05"], "type": "gentoo"}]}, "score": {"value": 9.3, "vector": "NONE"}}, "hash": "e44224804e0bb4874ff9e551b19d61973320d6b2000efd217eab7dccbf28a56e", "hashmap": [{"hash": "43baddaa70add1107086453517de711c", "key": "href"}, {"hash": "17b15e8e016d9e5c8b6607c02bfd9924", "key": "description"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "ad4d18ce7879d13ff3fe5003518760c4", "key": "modified"}, {"hash": "dd79cc88274c2aa10f91bb62b632b208", "key": "sourceData"}, {"hash": "d227a126608b1475a16d4aaf0f8d0806", "key": "pluginID"}, {"hash": "11444654809843c67bb25c23b14b8e8e", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "3c110792002b1cfad01d834c9b577a22", "key": "references"}, {"hash": "82a2a9fb29a536d769d3402e9a58e1e1", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd", "key": "cvelist"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "id": "OPENVAS:1361412562310841049", "lastseen": "2019-03-14T14:32:08", "modified": "2019-03-13T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841049", "published": "2012-06-19T00:00:00", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2019-03-14T14:32:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "edition": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "1fdbb98e7f19b99b07b23b340f69934af01cce875afcb9c80cefd1c3711d3ef3", "hashmap": [{"hash": "43baddaa70add1107086453517de711c", "key": "href"}, {"hash": "f1188d8ebe5727620b8baa9076b527e2", "key": "sourceData"}, {"hash": "17b15e8e016d9e5c8b6607c02bfd9924", "key": "description"}, {"hash": "d227a126608b1475a16d4aaf0f8d0806", "key": "pluginID"}, {"hash": "11444654809843c67bb25c23b14b8e8e", "key": "title"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a282f166ddc6c378940071a6b738e1a3", "key": "reporter"}, {"hash": "3c110792002b1cfad01d834c9b577a22", "key": "references"}, {"hash": "82a2a9fb29a536d769d3402e9a58e1e1", "key": "published"}, {"hash": "c9b7d00377a789a14c9bb9dab6c7168c", "key": "naslFamily"}, {"hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd", "key": "cvelist"}, {"hash": "464857d7b87b7b905e79b99c78b7d97a", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "id": "OPENVAS:1361412562310841049", "lastseen": "2018-08-30T19:25:20", "modified": "2018-08-17T00:00:00", "naslFamily": "Ubuntu Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310841049", "published": "2012-06-19T00:00:00", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:25:20"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "2ab1fb8906f2e00c8bfb5b4349dcf9cd"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "description", "hash": "17b15e8e016d9e5c8b6607c02bfd9924"}, {"key": "href", "hash": "43baddaa70add1107086453517de711c"}, {"key": "modified", "hash": "ad4d18ce7879d13ff3fe5003518760c4"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "d227a126608b1475a16d4aaf0f8d0806"}, {"key": "published", "hash": "82a2a9fb29a536d769d3402e9a58e1e1"}, {"key": "references", "hash": "3c110792002b1cfad01d834c9b577a22"}, {"key": "reporter", "hash": "a282f166ddc6c378940071a6b738e1a3"}, {"key": "sourceData", "hash": "dd79cc88274c2aa10f91bb62b632b208"}, {"key": "title", "hash": "11444654809843c67bb25c23b14b8e8e"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "bd2a5aadc0ecd09986fafb0526a262549643243fb888f19c0073da142c684c5f", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0037"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27872", "SECURITYVULNS:VULN:12287", "SECURITYVULNS:DOC:27835"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0410"]}, {"type": "seebug", "idList": ["SSV:30216"]}, {"type": "ubuntu", "idList": ["USN-1480-1", "USN-1901-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0411", "RHSA-2012:0410"]}, {"type": "nessus", "idList": ["SUSE_11_LIBRAPTOR-DEVEL-120217.NASL", "FREEBSD_PKG_60F81AF3769011E1942300235A5F2C9A.NASL", "DEBIAN_DSA-2438.NASL", "LIBREOFFICE_351.NASL", "ORACLELINUX_ELSA-2012-0410.NASL", "REDHAT-RHSA-2012-0410.NASL", "UBUNTU_USN-1480-1.NASL", "UBUNTU_USN-1901-1.NASL", "OPENSUSE-2012-183.NASL", "CENTOS_RHSA-2012-0411.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:881155", "OPENVAS:864393", "OPENVAS:841049", "OPENVAS:841501", "OPENVAS:71289", "OPENVAS:864580", "OPENVAS:1361412562310881120", "OPENVAS:881120", "OPENVAS:1361412562310870721", "OPENVAS:1361412562310864393"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2438-1:5F194"]}, {"type": "freebsd", "idList": ["60F81AF3-7690-11E1-9423-00235A5F2C9A"]}, {"type": "centos", "idList": ["CESA-2012:0411", "CESA-2012:0410"]}, {"type": "gentoo", "idList": ["GLSA-201209-05", "GLSA-201408-19"]}], "modified": "2019-05-29T18:38:31"}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:38:31"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "1361412562310841049", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:12:19", "bulletinFamily": "NVD", "description": "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.", "modified": "2017-08-29T01:30:00", "id": "CVE-2012-0037", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0037", "published": "2012-06-17T03:41:00", "title": "CVE-2012-0037", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n VSR Security Advisory\r\n http://www.vsecurity.com/\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nAdvisory Name: libraptor - XXE in RDF/XML File Interpretation\r\n Release Date: 2012-03-24\r\n Applications: libraptor / librdf (versions 1.x and 2.x)\r\nAlso Affected: OpenOffice 3.x, LibreOffice 3.x, AbiWord, KOffice\r\n Author: tmorgan {a} vsecurity * com\r\nVendor Status: Patches available; major downstream vendors\r\n and operating system distributions notified\r\nCVE Candidate: CVE-2012-0037\r\n Reference: http://www.vsecurity.com/resources/advisory/20120324-1/\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\n\r\nProduct Description\r\n~-----------------~\r\n"Raptor is a free software / Open Source C library that provides a set of\r\n parsers and serializers that generate Resource Description Framework (RDF)\r\n triples by parsing syntaxes or serialize the triples into a syntax. The\r\n supported parsing syntaxes are RDF/XML, N-Quads, N-Triples, TRiG, Turtle, RSS\r\n tag soup including all versions of RSS, Atom 1.0 and 0.3, GRDDL and\r\n microformats for HTML, XHTML and XML and RDFa. The serializing syntaxes are\r\n RDF/XML (regular, and abbreviated), Atom 1.0, GraphViz, JSON, N-Quads,\r\n N-Triples, RSS 1.0 and XMP." -- libraptor web site [1]\r\n\r\nlibraptor is a component of librdf[2] which is used by a variety of open source\r\nsoftware to interpret Resource Description Framework (RDF) [3] formats.\r\n\r\n\r\nVulnerability Overview\r\n~--------------------~\r\nIn December 2011, VSR identified a vulnerability in multiple open source office\r\nproducts (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe\r\ninterpretation of XML files with custom entity declarations. Deeper analysis\r\nrevealed that the vulnerability was caused by acceptance of external entities by\r\nthe libraptor library, which is used by librdf and is in turn used by these\r\noffice products.\r\n\r\nIn the context of office applications, these vulnerabilities could allow for XML\r\nExternal Entity (XXE) attacks resulting in file theft and a loss of user privacy\r\nwhen opening potentially malicious ODF documents. For other applications which\r\ndepend on librdf or libraptor, potentially serious consequences could result\r\nfrom accepting RDF/XML content from untrusted sources, though the impact may\r\nvary widely depending on the context.\r\n\r\n\r\nVulnerability Details\r\n~-------------------~\r\nOpen Document Format (ODF) files consist of a collection of several different\r\nfiles stored in a ZIP archive. Included in this set is a "manifest.rdf" file\r\nwhich is formatted according to the RDF/XML representation. The RDF format is\r\nintended to be used for storing metadata associated with specific document\r\nelements. The manifest.rdf file can reference secondary RDF files within the\r\nODF file as well as external document schemas.\r\n\r\nThe RDF file parser (librdf) used by the affected office products allows DTD\r\nspecifications within the RDF files themselves. In addition, the parser\r\ninterprets external entities which may reference arbitrary external files, HTTP\r\nand FTP resources.\r\n\r\nFor instance, the following "evil.rdf" file was created within a valid ODF text\r\narchive (.odt file) which was referenced by the internal manifest.rdf file:\r\n\r\n\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<!DOCTYPE rdf [\r\n <!ENTITY file SYSTEM "file:///c:/windows/win.ini">\r\n]>\r\n<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\r\n <rdf:Description rdf:about="content.xml#id1265690860">\r\n <ns0:comment\r\nxmlns:ns0="http://www.w3.org/2000/01/rdf-schema#">&file;</ns0:comment>\r\n </rdf:Description>\r\n</rdf:RDF>\r\n\r\n\r\n\r\nUpon opening the malicious .odt file in OpenOffice for Windows, the\r\nc:\windows\win.ini file was read and included in the document metadata. Upon\r\nsaving the document, this metadata was included literally in the resulting\r\nevil.rdf file (within the .odt):\r\n\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\r\n <rdf:Description rdf:about="content.xml#id1265690860">\r\n <ns1:comment xmlns:ns1="http://www.w3.org/2000/01/rdf-schema#">; for\r\n16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\nCMCDLLNAME32=mapi32.dll\r\nCMC=1\r\nMAPIX=1\r\nMAPIXVER=1.0.0.1\r\nOLEMessaging=1\r\n</ns1:comment>\r\n </rdf:Description>\r\n</rdf:RDF>\r\n\r\n\r\nThe malicious XML entities could also include URLs to attacker-controlled\r\nHTTP or FTP resources. This would allow an attacker to determine when a\r\ndocument was opened, potentially resulting in reduced privacy. However, based\r\non current analysis of the affected office applications, the most serious attack\r\nscenario is likely to be:\r\n\r\n1. Attacker posts a malicious file on a web site or sends file to victim. The\r\nfile contains a form for the victim to fill out and return to the attacker.\r\n\r\n2. Victim fills out the form, saves it, sends it back to the attacker.\r\n\r\n3. Attacker is able to read the contents of any stolen files as embedded\r\nmetadata, simply by unzipping the returned file and reading the malicious RDF\r\ncomponent.\r\n\r\n\r\nThis attack clearly requires some significant user interaction. However, other\r\napplications which rely on librdf/libraptor have not been analyzed. It is\r\nplausible that the context of the external entity interpretation in other\r\nsoftware could allow for more serious automated file retrieval attacks.\r\n\r\n\r\nVersions Affected\r\n~---------------~\r\nThe 1.x and 2.x major versions of librdf are affected.\r\n\r\nThus far, all recent versions of open source office products appear to be\r\naffected, since these products rely on librdf/raptor for the interpretation of\r\nRDF files. This, in turn relies on libxml2 which supports external entity\r\ninterpretation by default. OpenOffice and LibreOffice include a modified copy of\r\nlibrdf 1.x which was vulnerable at the time of testing. It is likely that all\r\npreviously release 3.x versions of OpenOffice and LibreOffice are vulnerable.\r\nAbiWord and KOffice rely on a copy of librdf which is installed by the\r\nunderlying operating system.\r\n\r\nNumerous other open source software packages depend on librdf or libraptor\r\n(including ardour, libslv2, lv2file, morla, soprano, and numerous\r\nlanguage-specific wrappers), but it is not known if these are exploitable in any\r\nrealistic scenario.\r\n\r\n\r\nVendor Response\r\n~-------------~\r\nThe following timeline provides an overview of communication with the primary\r\naffected vendors:\r\n\r\n2012-01-09 OpenOffice, LibreOffice, AbiWord, KOffice, and libraptor\r\n maintainers were provided a draft advisory and test sample.\r\n The OpenWall "distros" mailing list was also notified.\r\n Apache OpenOffice Security team acknowledged notification.\r\n libraptor developer confirmed flaw.\r\n\r\n2012-01-10 CVE-2012-0037 assigned by Apache.\r\n\r\n2012-02-02 Notified OpenWall "distros" mailing list again, due to previous\r\n technical problems.\r\n\r\n2012-02-04 libraptor developer provided patches to all notified parties.\r\n\r\n2012-02-22 Extensive arguing between vendors about embargo/release date.\r\n\r\n2012-03-06 More arguing about release date.\r\n\r\n2012-03-14 Agreed upon release date established.\r\n\r\n2012-03-22 Security updates and vendor advisories released.\r\n\r\n2012-03-24 VSR advisory released.\r\n\r\n\r\nRecommendation\r\n~------------~\r\nUsers of most open source operating system distributions should update to the\r\nlatest librdf package as soon as possible, once a patched version is available\r\nfor their distribution. OpenOffice and LibreOffice packages should also be\r\nupgraded, since these include a custom copy of the library.\r\n\r\nUsers of other operating systems who use LibreOffice or OpenOffice should\r\nupgrade these packages to the latest release versions as soon as possible \r\n\r\nDevelopers of software which rely on librdf or libraptor should assess the risk\r\nof XXE attacks on interpreted XML files and take appropriate actions to notify\r\ntheir users based on how their software operates. VSR would be happy to assist\r\ndevelopers in these efforts on a case-by-case basis.\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information\r\n~----------------------------------------------------~\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe number CVE-2012-0037 to this issue. This is a candidate for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n\r\nAcknowledgements\r\n~--------------~\r\nThanks to Leper for help in preliminary testing.\r\n\r\nThanks to Jan iankko Lieskovsky, Daniel Veillard, Caolan McNamara, and Michael\r\nStahl for performing deeper analysis on the interaction between libraptor and\r\nlibxml2.\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nReferences:\r\n\r\n1. http://librdf.org/raptor/\r\n\r\n2. http://librdf.org/\r\n\r\n3. http://www.w3.org/RDF/\r\n\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nThis advisory is distributed for educational purposes only with the sincere\r\nhope that it will help promote public safety. This advisory comes with\r\nabsolutely NO WARRANTY; not even the implied warranty of merchantability or\r\nfitness for a particular purpose. Neither Virtual Security Research, LLC nor\r\nthe author accepts any liability for any direct, indirect, or consequential\r\nloss or damage arising from use of, or reliance on, this information.\r\n\r\nSee the VSR disclosure policy for more information on our responsible\r\ndisclosure practices:\r\n http://www.vsecurity.com/company/disclosure\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n Copyright 2012 Virtual Security Research, LLC. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFPbfkKQ1RSUNR+T+gRAtqLAKCfiu/8wW49/Jtp9Q4+4VvRgXDvegCfcZZf\r\nl3N1P2JkzSJNnVZAuUqwBbs=\r\n=8Uwi\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:DOC:27872", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27872", "title": "CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "It's possible to inject file via XML", "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:VULN:12287", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12287", "title": "raptor library (libreoffice / openoffice) file injection", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2438-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMarch 22, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : raptor\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0037\r\n\r\nIt was discovered that Raptor, a RDF parser and serializer library,\r\nallows file inclusion through XML entities, resulting in information\r\ndisclosure.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.4.21-2+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your raptor packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAk9rVPkACgkQXm3vHE4uylq8aQCdF/Y2xxs+4R/d35s0NCEIA2nA\r\nxWcAoMvbz4NkFXUmj/FZQmkazp1tg8xC\r\n=Jhyh\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-03-26T00:00:00", "published": "2012-03-26T00:00:00", "id": "SECURITYVULNS:DOC:27835", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27835", "title": "[SECURITY] [DSA 2438-1] raptor security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "description": "[1.4.18-5.1]\n- Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037)\n Resolves: rhbz#804496", "modified": "2012-03-22T00:00:00", "published": "2012-03-22T00:00:00", "id": "ELSA-2012-0410", "href": "http://linux.oracle.com/errata/ELSA-2012-0410.html", "title": "raptor security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:54:22", "bulletinFamily": "exploit", "description": "Bugtraq ID: 52681\r\nCVE ID\uff1aCVE-2012-0037\r\n\r\nOpenOffice\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6587\u5b57\u5904\u7406\u7cfb\u7edf\r\n\r\nOpenOffice.org\u5b58\u5728\u4e00\u4e2aXML\u5916\u90e8\u5b9e\u4f53\u653b\u51fb\uff0c\u5904\u7406ODF\u6587\u6863\u4e2d\u67d0\u4e9bXML\u7ec4\u4ef6\u4e2d\u7684\u5916\u90e8\u5b9e\u4f53\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u5efa\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u5176\u4ed6\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u8d44\u6e90\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u628a\u672c\u5730\u5185\u5bb9\u6ce8\u5165\u5230ODF\u6587\u6863\u4e2d\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\n0\nOpenOffice 3.4 Beta\r\nOpenOffice 3.3\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.openoffice.org/security/cves/CVE-2012-0037.html", "modified": "2012-03-23T00:00:00", "published": "2012-03-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30216", "id": "SSV:30216", "type": "seebug", "title": "OpenOffice ODF\u6587\u6863\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:17", "bulletinFamily": "unix", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user\u2019s system or potentially execute arbitrary code with the privileges of the user invoking the program.", "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "USN-1480-1", "href": "https://usn.ubuntu.com/1480-1/", "title": "Raptor vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T17:22:01", "bulletinFamily": "unix", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user\u2019s system or potentially execute arbitrary code with the privileges of the user invoking the program.", "modified": "2013-07-08T00:00:00", "published": "2013-07-08T00:00:00", "id": "USN-1901-1", "href": "https://usn.ubuntu.com/1901-1/", "title": "Raptor vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program. OpenOffice.org\nembeds a copy of Raptor, which provides parsers for Resource Description\nFramework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If OpenOffice.org were to open a specially-crafted file (such\nas an OpenDocument Format or OpenDocument Presentation file), it could\npossibly allow a remote attacker to obtain a copy of an arbitrary local\nfile that the user running OpenOffice.org had access to. A bug in the way\nRaptor handled external entities could cause OpenOffice.org to crash or,\npossibly, execute arbitrary code with the privileges of the user running \nOpenOffice.org. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n", "modified": "2017-09-08T12:18:09", "published": "2012-03-22T04:00:00", "id": "RHSA-2012:0411", "href": "https://access.redhat.com/errata/RHSA-2012:0411", "type": "redhat", "title": "(RHSA-2012:0411) Important: openoffice.org security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "description": "Raptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If an application linked against Raptor were to open a \nspecially-crafted RDF file, it could possibly allow a remote attacker to \nobtain a copy of an arbitrary local file that the user running the\napplication had access to. A bug in the way Raptor handled external\nentities could cause that application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll Raptor users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against Raptor must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:17", "published": "2012-03-22T04:00:00", "id": "RHSA-2012:0410", "href": "https://access.redhat.com/errata/RHSA-2012:0410", "type": "redhat", "title": "(RHSA-2012:0410) Important: raptor security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870721", "title": "RedHat Update for raptor RHSA-2012:0410-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for raptor RHSA-2012:0410-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870721\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:53:26 +0530 (Mon, 09 Jul 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0037\");\n script_xref(name:\"RHSA\", value:\"2012:0410-01\");\n script_name(\"RedHat Update for raptor RHSA-2012:0410-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'raptor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"raptor on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Raptor provides parsers for Resource Description Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If an application linked against Raptor were to open a\n specially-crafted RDF file, it could possibly allow a remote attacker to\n obtain a copy of an arbitrary local file that the user running the\n application had access to. A bug in the way Raptor handled external\n entities could cause that application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-0037)\n\n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n\n All Raptor users are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running applications\n linked against Raptor must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~5.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor-debuginfo\", rpm:\"raptor-debuginfo~1.4.18~5.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:56", "bulletinFamily": "scanner", "description": "Check for the Version of raptor", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881120", "id": "OPENVAS:881120", "title": "CentOS Update for raptor CESA-2012:0410 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for raptor CESA-2012:0410 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Raptor provides parsers for Resource Description Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If an application linked against Raptor were to open a \n specially-crafted RDF file, it could possibly allow a remote attacker to \n obtain a copy of an arbitrary local file that the user running the\n application had access to. A bug in the way Raptor handled external\n entities could cause that application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-0037)\n \n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n \n All Raptor users are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running applications\n linked against Raptor must be restarted for this update to take effect.\";\n\ntag_affected = \"raptor on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018518.html\");\n script_id(881120);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:13:52 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2012:0410\");\n script_name(\"CentOS Update for raptor CESA-2012:0410 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor-devel\", rpm:\"raptor-devel~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881120", "title": "CentOS Update for raptor CESA-2012:0410 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for raptor CESA-2012:0410 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018518.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881120\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:13:52 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2012:0410\");\n script_name(\"CentOS Update for raptor CESA-2012:0410 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'raptor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"raptor on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Raptor provides parsers for Resource Description Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If an application linked against Raptor were to open a\n specially-crafted RDF file, it could possibly allow a remote attacker to\n obtain a copy of an arbitrary local file that the user running the\n application had access to. A bug in the way Raptor handled external\n entities could cause that application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-0037)\n\n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n\n All Raptor users are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running applications\n linked against Raptor must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor-devel\", rpm:\"raptor-devel~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:58:16", "bulletinFamily": "scanner", "description": "Check for the Version of raptor", "modified": "2017-12-26T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864580", "id": "OPENVAS:864580", "title": "Fedora Update for raptor FEDORA-2012-10591", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for raptor FEDORA-2012-10591\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"raptor on Fedora 17\";\ntag_insight = \"Raptor is the RDF Parser Toolkit for Redland that provides\n a set of standalone RDF parsers, generating triples from RDF/XML\n or N-Triples.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084481.html\");\n script_id(864580);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:15:05 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-10591\");\n script_name(\"Fedora Update for raptor FEDORA-2012-10591\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~12.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-18T11:08:49", "bulletinFamily": "scanner", "description": "Check for the Version of raptor2", "modified": "2018-01-17T00:00:00", "published": "2013-07-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841501", "id": "OPENVAS:841501", "title": "Ubuntu Update for raptor2 USN-1901-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1901_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for raptor2 USN-1901-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"raptor2 on Ubuntu 12.04 LTS\";\ntag_insight = \"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841501);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-09 15:51:04 +0530 (Tue, 09 Jul 2013)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for raptor2 USN-1901-1\");\n\n script_xref(name: \"USN\", value: \"1901-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1901-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor2-0\", ver:\"2.0.6-1ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-24T00:00:00", "published": "2012-04-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71289", "id": "OPENVAS:71289", "title": "FreeBSD Ports: raptor2", "type": "openvas", "sourceData": "#\n#VID 60f81af3-7690-11e1-9423-00235a5f2c9a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 60f81af3-7690-11e1-9423-00235a5f2c9a\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n raptor2\n raptor\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/fulldisclosure/2012/Mar/281\nhttp://www.vsecurity.com/resources/advisory/20120324-1/\nhttp://www.vuxml.org/freebsd/60f81af3-7690-11e1-9423-00235a5f2c9a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71289);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0037\");\n script_version(\"$Revision: 6018 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: raptor2\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"raptor2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.7\")<0) {\n txt += \"Package raptor2 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"raptor\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.21_2\")<0) {\n txt += \"Package raptor version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:20:30", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "modified": "2017-12-01T00:00:00", "published": "2012-06-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841049", "id": "OPENVAS:841049", "title": "Ubuntu Update for raptor USN-1480-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\";\ntag_affected = \"raptor on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_id(841049);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:44", "bulletinFamily": "scanner", "description": "Check for the Version of openoffice.org-base", "modified": "2017-12-27T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881155", "id": "OPENVAS:881155", "title": "CentOS Update for openoffice.org-base CESA-2012:0411 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openoffice.org-base CESA-2012:0411 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenOffice.org is an office productivity suite that includes desktop\n applications, such as a word processor, spreadsheet application,\n presentation manager, formula editor, and a drawing program. OpenOffice.org\n embeds a copy of Raptor, which provides parsers for Resource Description\n Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If OpenOffice.org were to open a specially-crafted file (such\n as an OpenDocument Format or OpenDocument Presentation file), it could\n possibly allow a remote attacker to obtain a copy of an arbitrary local\n file that the user running OpenOffice.org had access to. A bug in the way\n Raptor handled external entities could cause OpenOffice.org to crash or,\n possibly, execute arbitrary code with the privileges of the user running \n OpenOffice.org. (CVE-2012-0037)\n \n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n \n All OpenOffice.org users are advised to upgrade to these updated packages,\n which contain backported patches to correct this issue. All running\n instances of OpenOffice.org applications must be restarted for this update\n to take effect.\";\n\ntag_affected = \"openoffice.org-base on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018519.html\");\n script_id(881155);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:24:26 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2012:0411\");\n script_name(\"CentOS Update for openoffice.org-base CESA-2012:0411 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openoffice.org-base\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-base\", rpm:\"openoffice.org-base~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-calc\", rpm:\"openoffice.org-calc~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-core\", rpm:\"openoffice.org-core~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-draw\", rpm:\"openoffice.org-draw~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-emailmerge\", rpm:\"openoffice.org-emailmerge~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-graphicfilter\", rpm:\"openoffice.org-graphicfilter~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-headless\", rpm:\"openoffice.org-headless~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-impress\", rpm:\"openoffice.org-impress~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-javafilter\", rpm:\"openoffice.org-javafilter~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-af_ZA\", rpm:\"openoffice.org-langpack-af_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ar\", rpm:\"openoffice.org-langpack-ar~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-as_IN\", rpm:\"openoffice.org-langpack-as_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-bg_BG\", rpm:\"openoffice.org-langpack-bg_BG~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-bn\", rpm:\"openoffice.org-langpack-bn~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ca_ES\", rpm:\"openoffice.org-langpack-ca_ES~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-cs_CZ\", rpm:\"openoffice.org-langpack-cs_CZ~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-cy_GB\", rpm:\"openoffice.org-langpack-cy_GB~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-da_DK\", rpm:\"openoffice.org-langpack-da_DK~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-de\", rpm:\"openoffice.org-langpack-de~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-el_GR\", rpm:\"openoffice.org-langpack-el_GR~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-es\", rpm:\"openoffice.org-langpack-es~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-et_EE\", rpm:\"openoffice.org-langpack-et_EE~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-eu_ES\", rpm:\"openoffice.org-langpack-eu_ES~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-fi_FI\", rpm:\"openoffice.org-langpack-fi_FI~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-fr\", rpm:\"openoffice.org-langpack-fr~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ga_IE\", rpm:\"openoffice.org-langpack-ga_IE~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-gl_ES\", rpm:\"openoffice.org-langpack-gl_ES~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-gu_IN\", rpm:\"openoffice.org-langpack-gu_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-he_IL\", rpm:\"openoffice.org-langpack-he_IL~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-hi_IN\", rpm:\"openoffice.org-langpack-hi_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-hr_HR\", rpm:\"openoffice.org-langpack-hr_HR~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-hu_HU\", rpm:\"openoffice.org-langpack-hu_HU~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-it\", rpm:\"openoffice.org-langpack-it~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ja_JP\", rpm:\"openoffice.org-langpack-ja_JP~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-kn_IN\", rpm:\"openoffice.org-langpack-kn_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ko_KR\", rpm:\"openoffice.org-langpack-ko_KR~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-lt_LT\", rpm:\"openoffice.org-langpack-lt_LT~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ml_IN\", rpm:\"openoffice.org-langpack-ml_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-mr_IN\", rpm:\"openoffice.org-langpack-mr_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ms_MY\", rpm:\"openoffice.org-langpack-ms_MY~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-nb_NO\", rpm:\"openoffice.org-langpack-nb_NO~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-nl\", rpm:\"openoffice.org-langpack-nl~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-nn_NO\", rpm:\"openoffice.org-langpack-nn_NO~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-nr_ZA\", rpm:\"openoffice.org-langpack-nr_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-nso_ZA\", rpm:\"openoffice.org-langpack-nso_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-or_IN\", rpm:\"openoffice.org-langpack-or_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-pa_IN\", rpm:\"openoffice.org-langpack-pa_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-pl_PL\", rpm:\"openoffice.org-langpack-pl_PL~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-pt_BR\", rpm:\"openoffice.org-langpack-pt_BR~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-pt_PT\", rpm:\"openoffice.org-langpack-pt_PT~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ru\", rpm:\"openoffice.org-langpack-ru~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-sk_SK\", rpm:\"openoffice.org-langpack-sk_SK~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-sl_SI\", rpm:\"openoffice.org-langpack-sl_SI~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-sr_CS\", rpm:\"openoffice.org-langpack-sr_CS~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ss_ZA\", rpm:\"openoffice.org-langpack-ss_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-st_ZA\", rpm:\"openoffice.org-langpack-st_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-sv\", rpm:\"openoffice.org-langpack-sv~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ta_IN\", rpm:\"openoffice.org-langpack-ta_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-te_IN\", rpm:\"openoffice.org-langpack-te_IN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-th_TH\", rpm:\"openoffice.org-langpack-th_TH~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-tn_ZA\", rpm:\"openoffice.org-langpack-tn_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-tr_TR\", rpm:\"openoffice.org-langpack-tr_TR~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ts_ZA\", rpm:\"openoffice.org-langpack-ts_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ur\", rpm:\"openoffice.org-langpack-ur~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-ve_ZA\", rpm:\"openoffice.org-langpack-ve_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-xh_ZA\", rpm:\"openoffice.org-langpack-xh_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-zh_CN\", rpm:\"openoffice.org-langpack-zh_CN~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-zh_TW\", rpm:\"openoffice.org-langpack-zh_TW~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-langpack-zu_ZA\", rpm:\"openoffice.org-langpack-zu_ZA~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-math\", rpm:\"openoffice.org-math~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-pyuno\", rpm:\"openoffice.org-pyuno~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-sdk\", rpm:\"openoffice.org-sdk~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-sdk-doc\", rpm:\"openoffice.org-sdk-doc~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-testtools\", rpm:\"openoffice.org-testtools~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-ure\", rpm:\"openoffice.org-ure~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-writer\", rpm:\"openoffice.org-writer~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org-xsltfilter\", rpm:\"openoffice.org-xsltfilter~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openoffice.org\", rpm:\"openoffice.org~3.1.1~19.10.el5_8.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:01", "bulletinFamily": "scanner", "description": "Check for the Version of raptor2", "modified": "2018-01-10T00:00:00", "published": "2012-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864393", "id": "OPENVAS:864393", "title": "Fedora Update for raptor2 FEDORA-2012-4629", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for raptor2 FEDORA-2012-4629\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"raptor2 on Fedora 17\";\ntag_insight = \"Raptor is the RDF Parser Toolkit for Redland that provides\n a set of standalone RDF parsers, generating triples from RDF/XML\n or N-Triples.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html\");\n script_id(864393);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:07:40 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-4629\");\n script_name(\"Fedora Update for raptor2 FEDORA-2012-4629\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864393", "title": "Fedora Update for raptor2 FEDORA-2012-4629", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for raptor2 FEDORA-2012-4629\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864393\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:07:40 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-4629\");\n script_name(\"Fedora Update for raptor2 FEDORA-2012-4629\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'raptor2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"raptor2 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:19:09", "bulletinFamily": "scanner", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1901-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67206", "published": "2013-07-09T00:00:00", "title": "Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1901-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67206);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"USN\", value:\"1901-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1901-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraptor2-0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libraptor2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libraptor2-0\", pkgver:\"2.0.6-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraptor2-0\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:48", "bulletinFamily": "scanner", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1480-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59567", "published": "2012-06-19T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : raptor vulnerability (USN-1480-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1480-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59567);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"USN\", value:\"1480-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : raptor vulnerability (USN-1480-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1480-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraptor1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libraptor1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libraptor1\", pkgver:\"1.4.21-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-7ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraptor1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:21:20", "bulletinFamily": "scanner", "description": "- updated to libreoffice-3.4.5.5 (SUSE 3.4.5-rc3) :\n\n - extras\n\n - add SUSE color palette (fate#312645)\n\n - filters\n\n - crash when loading embedded elements (bnc#693238)\n\n - crash when importing an empty paragraph (rh#667082)\n\n - writer\n\n - do not use an invalidated iterator (fdo#46337)\n\n - updated to libreoffice-3.4.5.4 (SUSE 3.4.5-rc2)\n\n - calc\n\n - pie charts colors messed in XLS import (fdo#40320)\n\n - correctly import data point formats in data series (fdo#40320)\n\n - components\n\n - crash when parsing XML signatures (fdo#39657)\n\n - broken getDataArray (fdo#46165, fdo#38441, i#117010)\n\n - don't paint a frame around the list of edit boxes (fdo#42543)\n\n - inconsistent compression method for encrypted documents (bnc#653688)\n\n - filters\n\n - more on bentConnectors (bnc#736495)\n\n - wrong text color in smartArt (bnc#746996)\n\n - reading of w:textbox contents (bnc#693388)\n\n - textbox position and size DOCX import (fdo#45560)\n\n - RTF/DOCX import of transparent frames (bnc#695479)\n\n - consecutive frames in RTF/DOCX import (bnc#703032)\n\n - handling of frame properties in RTF import (bnc#417818)\n\n - force imported XLSX active tab to be shown (bnc#748198)\n\n - create TableManager for inside shapes (bnc#747471, bnc#693238)\n\n - textboxes import with OLE objects inside (bnc#747471, bnc#693238)\n\n - impress\n\n - do not create an empty slide when printing handouts (fdo#31966)\n\n - libs-core\n\n - default shortcut for .uno:SearchDialog should be Ctrl+H\n\n - crash using instances dialog of dataform navigator (fdo#44816)\n\n - libs-extern\n\n - disable problematic reading of external entities in raptor\n\n - libs-gui\n\n - correctly calculate leap year\n\n - use proper Indian Rupee currency symbol U+20B9 (rh#794679)\n\n - writer\n\n - field refreshing (fdo#39694)\n\n - more layout crashers (i#101776, fdo#39510)\n\n - textbox borders style and width in DOCX import (fdo#45560)\n\n - expand all text fields when setting properties (fdo#42073)\n\n - updated to libreoffice-3.4.5.3 (SUSE 3.4.5-rc1)\n\n - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)\n\n - SmartArt import\n\n - custom shapes import\n\n - Oracle Java 1.7.0 detection\n\n - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5\n\n - base\n\n - iterator misuse (fdo #44040, bnc#742178)\n\n - calc\n\n - allow pasting to multiple ranges (bnc#715094)\n\n - correctly convert chart data ranges (bnc#727504)\n\n - definedName corruption for XLSX export (bnc#741182)\n\n - adjust/shrink the ranges while copying (bnc#677811)\n\n - extra graph data is displayed for label (bnc#717290)\n\n - getCellRangeByName failure for named range (bnc#738113)\n\n - graph in XLS file has dates displayed wrong (bnc#720443)\n\n - improve performance of large Excel documents (bnc#715104)\n\n - display page background color/image properly (bnc#722045)\n\n - pivot table output becoming empty on re-save (bnc#715543)\n\n - encode virtual paths to local volume correctly (bnc#719887)\n\n - avoid adjusting cell-anchored objects on other sheets (bnc#726152)\n\n - make sure to adjust the sheet index of drawing objects (bnc#733864)\n\n - make the data validation popup more reliable (fdo #36851, bnc#737190)\n\n - filters\n\n - table style (bnc#705991)\n\n - text rotation fixes (bnc#734734)\n\n - crash in PPTX import (bnc#706792)\n\n - read w:sdt* contents (bnc#705949)\n\n - connector shape fixes (bnc#719989)\n\n - legacy fragment import (bnc#699334)\n\n - non-working Excel macros (bnc#705977)\n\n - free drawn curves import (bnc#657909)\n\n - group shape transformations (bnc#621739)\n\n - extLst of drawings in diagrams import (bnc#655408)\n\n - flip properties of custom shapes import (bnc#705985)\n\n - line spacing is used from previous values (bnc#734734)\n\n - missing ooxml customshape->mso shape name entries (bnc#737921)\n\n - word doesn't break the numberings and prefers hiding them (bnc#707157)\n\n - impress\n\n - undo corruption (bnc#685123)\n\n - do not set duplicate master slide names (bnc#735533)\n\n - libs-core\n\n - handle copy and paste from ConsoleOne (bnc#704274)\n\n - VBA control events not working, broken eventattacher (bnc#718227)\n\n - 'General Error' when double-click graphic in presentation (bnc#720948)\n\n - libs-extern-sys\n\n - upgrade graphite to 1.0.3 fix surrogate support\n\n - libs-gui\n\n - crash at exit (bnc#728603)\n\n - radial gradient offset (bnc#714787)\n\n - horizontal scrollbars with KDE oxygen style (bnc#722918)\n\n - rendering of metafiles embedded in EMF+ (updated) (bnc#705956)\n\n - postprocess\n\n - make the 3D transitions work again (bnc#728559)\n\n - ure\n\n - make Duden Korrektor 5 and 6 work\n\n - writer\n\n - frame selection (bnc#740117)\n\n - crash when editing index (bnc#726174)\n\n - order database properties (bnc#740032)\n\n - numbering levels in DOC import (bnc#715115)\n\n - image size issue in DOC import (bnc#718971)\n\n - pointless forward moving of a table (bnc#706138)\n\n - tabs set after the end margin in DOCX import (bnc#693238)\n\n - add hyperlinks by default in Table of Contents (bnc#705956)\n\n - updated to libreoffice-3.4.4.3 (SUSE 3.4.4-rc1 == final) :\n\n - base\n\n - crash when inserting a constant in a query (fdo#38286)\n\n - calc\n\n - crash when modifying a named range\n\n - speed up range name lookup by index (bnc#715104)\n\n - recalculate matrix formula dimension correctly (fdo#39485)\n\n - mark all formula cells dirty when appending a new sheet (fdo#35965)\n\n - components\n\n - handling of SAFEARRAY(s) in olebridge (fdo#38441)\n\n - filters\n\n - auto fit text VIEWING too small in PPT import (fdo#41245)\n\n - impress\n\n - hang in slideshow (fdo#32861)\n\n - crash while dropping texture (fdo#38391)\n\n - libs-core\n\n - recognize .svg in ODF container (fdo#41995)\n\n - dictionaries lost after LibO upgrade (fdo#37195)\n\n - crash when 'Find Record' button is clicked in Base (fdo#40701)\n\n - fix the drawing of dotted and dashed borders in Calc (fdo#37129)\n\n - VBA control events not working; broken eventattacher (bnc#718227)\n\n - libs-extern-sys\n\n - upgrade graphite to 1.0.3 to fix surrogate support\n\n - libs-gui\n\n - crash when changing screen resolution\n\n - let Qt call XInitThreads() (fdo#40298)\n\n - activation order crashes address database (fdo#41022)\n\n - drawing of dotted and dashed borders in Calc (fdo#37129)\n\n - translations\n\n - update translations\n\n - writer\n\n - leak in PDF export (i#116448)\n\n - crash when editing index (bnc#726174)\n\n - crash while processing incorrect range of pages (fdo#35513)\n\n - crash on closing document with footnotes (fdo#39510, lp#854626)", "modified": "2018-11-10T00:00:00", "id": "OPENSUSE-2012-183.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74581", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-183.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74581);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-0037\");\n\n script_name(english:\"openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)\");\n script_summary(english:\"Check for the openSUSE-2012-183 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - updated to libreoffice-3.4.5.5 (SUSE 3.4.5-rc3) :\n\n - extras\n\n - add SUSE color palette (fate#312645)\n\n - filters\n\n - crash when loading embedded elements (bnc#693238)\n\n - crash when importing an empty paragraph (rh#667082)\n\n - writer\n\n - do not use an invalidated iterator (fdo#46337)\n\n - updated to libreoffice-3.4.5.4 (SUSE 3.4.5-rc2)\n\n - calc\n\n - pie charts colors messed in XLS import (fdo#40320)\n\n - correctly import data point formats in data series\n (fdo#40320)\n\n - components\n\n - crash when parsing XML signatures (fdo#39657)\n\n - broken getDataArray (fdo#46165, fdo#38441, i#117010)\n\n - don't paint a frame around the list of edit boxes\n (fdo#42543)\n\n - inconsistent compression method for encrypted documents\n (bnc#653688)\n\n - filters\n\n - more on bentConnectors (bnc#736495)\n\n - wrong text color in smartArt (bnc#746996)\n\n - reading of w:textbox contents (bnc#693388)\n\n - textbox position and size DOCX import (fdo#45560)\n\n - RTF/DOCX import of transparent frames (bnc#695479)\n\n - consecutive frames in RTF/DOCX import (bnc#703032)\n\n - handling of frame properties in RTF import (bnc#417818)\n\n - force imported XLSX active tab to be shown (bnc#748198)\n\n - create TableManager for inside shapes (bnc#747471,\n bnc#693238)\n\n - textboxes import with OLE objects inside (bnc#747471,\n bnc#693238)\n\n - impress\n\n - do not create an empty slide when printing handouts\n (fdo#31966)\n\n - libs-core\n\n - default shortcut for .uno:SearchDialog should be Ctrl+H\n\n - crash using instances dialog of dataform navigator\n (fdo#44816)\n\n - libs-extern\n\n - disable problematic reading of external entities in\n raptor\n\n - libs-gui\n\n - correctly calculate leap year\n\n - use proper Indian Rupee currency symbol U+20B9\n (rh#794679)\n\n - writer\n\n - field refreshing (fdo#39694)\n\n - more layout crashers (i#101776, fdo#39510)\n\n - textbox borders style and width in DOCX import\n (fdo#45560)\n\n - expand all text fields when setting properties\n (fdo#42073)\n\n - updated to libreoffice-3.4.5.3 (SUSE 3.4.5-rc1)\n\n - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)\n\n - SmartArt import\n\n - custom shapes import\n\n - Oracle Java 1.7.0 detection\n\n - reading AES-encrypted ODF 1.2 documents as generated by\n LO 3.5\n\n - base\n\n - iterator misuse (fdo #44040, bnc#742178)\n\n - calc\n\n - allow pasting to multiple ranges (bnc#715094)\n\n - correctly convert chart data ranges (bnc#727504)\n\n - definedName corruption for XLSX export (bnc#741182)\n\n - adjust/shrink the ranges while copying (bnc#677811)\n\n - extra graph data is displayed for label (bnc#717290)\n\n - getCellRangeByName failure for named range (bnc#738113)\n\n - graph in XLS file has dates displayed wrong (bnc#720443)\n\n - improve performance of large Excel documents\n (bnc#715104)\n\n - display page background color/image properly\n (bnc#722045)\n\n - pivot table output becoming empty on re-save\n (bnc#715543)\n\n - encode virtual paths to local volume correctly\n (bnc#719887)\n\n - avoid adjusting cell-anchored objects on other sheets\n (bnc#726152)\n\n - make sure to adjust the sheet index of drawing objects\n (bnc#733864)\n\n - make the data validation popup more reliable (fdo\n #36851, bnc#737190)\n\n - filters\n\n - table style (bnc#705991)\n\n - text rotation fixes (bnc#734734)\n\n - crash in PPTX import (bnc#706792)\n\n - read w:sdt* contents (bnc#705949)\n\n - connector shape fixes (bnc#719989)\n\n - legacy fragment import (bnc#699334)\n\n - non-working Excel macros (bnc#705977)\n\n - free drawn curves import (bnc#657909)\n\n - group shape transformations (bnc#621739)\n\n - extLst of drawings in diagrams import (bnc#655408)\n\n - flip properties of custom shapes import (bnc#705985)\n\n - line spacing is used from previous values (bnc#734734)\n\n - missing ooxml customshape->mso shape name entries\n (bnc#737921)\n\n - word doesn't break the numberings and prefers hiding\n them (bnc#707157)\n\n - impress\n\n - undo corruption (bnc#685123)\n\n - do not set duplicate master slide names (bnc#735533)\n\n - libs-core\n\n - handle copy and paste from ConsoleOne (bnc#704274)\n\n - VBA control events not working, broken eventattacher\n (bnc#718227)\n\n - 'General Error' when double-click graphic in\n presentation (bnc#720948)\n\n - libs-extern-sys\n\n - upgrade graphite to 1.0.3 fix surrogate support\n\n - libs-gui\n\n - crash at exit (bnc#728603)\n\n - radial gradient offset (bnc#714787)\n\n - horizontal scrollbars with KDE oxygen style (bnc#722918)\n\n - rendering of metafiles embedded in EMF+ (updated)\n (bnc#705956)\n\n - postprocess\n\n - make the 3D transitions work again (bnc#728559)\n\n - ure\n\n - make Duden Korrektor 5 and 6 work\n\n - writer\n\n - frame selection (bnc#740117)\n\n - crash when editing index (bnc#726174)\n\n - order database properties (bnc#740032)\n\n - numbering levels in DOC import (bnc#715115)\n\n - image size issue in DOC import (bnc#718971)\n\n - pointless forward moving of a table (bnc#706138)\n\n - tabs set after the end margin in DOCX import\n (bnc#693238)\n\n - add hyperlinks by default in Table of Contents\n (bnc#705956)\n\n - updated to libreoffice-3.4.4.3 (SUSE 3.4.4-rc1 == \nfinal) :\n\n - base\n\n - crash when inserting a constant in a query (fdo#38286)\n\n - calc\n\n - crash when modifying a named range\n\n - speed up range name lookup by index (bnc#715104)\n\n - recalculate matrix formula dimension correctly\n (fdo#39485)\n\n - mark all formula cells dirty when appending a new sheet\n (fdo#35965)\n\n - components\n\n - handling of SAFEARRAY(s) in olebridge (fdo#38441)\n\n - filters\n\n - auto fit text VIEWING too small in PPT import\n (fdo#41245)\n\n - impress\n\n - hang in slideshow (fdo#32861)\n\n - crash while dropping texture (fdo#38391)\n\n - libs-core\n\n - recognize .svg in ODF container (fdo#41995)\n\n - dictionaries lost after LibO upgrade (fdo#37195)\n\n - crash when 'Find Record' button is clicked in Base\n (fdo#40701)\n\n - fix the drawing of dotted and dashed borders in Calc\n (fdo#37129)\n\n - VBA control events not working; broken eventattacher\n (bnc#718227)\n\n - libs-extern-sys\n\n - upgrade graphite to 1.0.3 to fix surrogate support\n\n - libs-gui\n\n - crash when changing screen resolution\n\n - let Qt call XInitThreads() (fdo#40298)\n\n - activation order crashes address database (fdo#41022)\n\n - drawing of dotted and dashed borders in Calc (fdo#37129)\n\n - translations\n\n - update translations\n\n - writer\n\n - leak in PDF export (i#116448)\n\n - crash when editing index (bnc#726174)\n\n - crash while processing incorrect range of pages\n (fdo#35513)\n\n - crash on closing document with footnotes (fdo#39510,\n lp#854626)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=417818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=621739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=657909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=685123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=734734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=734781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=737190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=737921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=738113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=741182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=748198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=748548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00049.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libreoffice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-drivers-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-drivers-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-drivers-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-drivers-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-base-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-calc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-calc-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-draw-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-draw-extensions-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-filters-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-filters-optional-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-en-GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-en-US\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-en-ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-gu-IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-hi-IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-pt-BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-zh-CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-help-zh-TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-theme-crystal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-theme-galaxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-theme-hicontrast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-theme-oxygen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-theme-tango\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-icon-themes-prebuilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-impress-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-impress-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-impress-extensions-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-kde-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-kde4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-be-BY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-en-GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-en-ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-gu-IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-hi-IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-nr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-pa-IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-prebuilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-pt-BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-rw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-sh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-st\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-tg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-ve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-zh-CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-zh-TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-mailmerge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-math-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-officebean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-officebean-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-pyuno-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-sdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-testtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-testtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-writer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libreoffice-writer-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-drivers-mysql-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-drivers-mysql-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-drivers-postgresql-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-drivers-postgresql-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-base-extensions-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-branding-upstream-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-calc-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-calc-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-calc-extensions-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-debugsource-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-draw-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-draw-extensions-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-draw-extensions-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-filters-optional-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-filters-optional-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-gnome-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-gnome-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-cs-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-da-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-de-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-en-GB-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-en-US-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-en-ZA-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-es-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-et-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-fr-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-gl-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-gu-IN-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-hi-IN-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-hu-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-it-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-ja-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-km-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-ko-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-nl-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-pl-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-pt-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-pt-BR-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-ru-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-sl-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-sv-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-zh-CN-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-help-zh-TW-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-theme-crystal-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-theme-galaxy-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-theme-hicontrast-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-theme-oxygen-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-theme-tango-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-icon-themes-prebuilt-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-impress-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-impress-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-impress-extensions-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-impress-extensions-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-kde-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-kde-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-kde4-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-kde4-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-af-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ar-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-be-BY-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-bg-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-br-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ca-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-cs-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-cy-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-da-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-de-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-el-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-en-GB-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-en-ZA-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-es-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-et-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-fi-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-fr-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ga-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-gl-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-gu-IN-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-he-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-hi-IN-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-hr-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-hu-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-it-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ja-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ka-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-km-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ko-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-lt-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-mk-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-nb-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-nl-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-nn-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-nr-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-pa-IN-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-pl-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-prebuilt-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-pt-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-pt-BR-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ru-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-rw-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-sh-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-sk-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-sl-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-sr-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ss-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-st-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-sv-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-tg-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-th-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-tr-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ts-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-uk-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-ve-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-vi-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-xh-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-zh-CN-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-zh-TW-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-l10n-zu-3.4.5.5-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-mailmerge-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-math-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-math-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-officebean-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-officebean-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-pyuno-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-pyuno-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-sdk-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-sdk-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-testtool-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-testtool-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-writer-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-writer-debuginfo-3.4.5.5-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libreoffice-writer-extensions-3.4.5.5-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libreoffice-branding-upstream / libreoffice-help-en-US / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:32", "bulletinFamily": "scanner", "description": "The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1 that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.", "modified": "2018-07-12T00:00:00", "id": "LIBREOFFICE_351.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58726", "published": "2012-04-12T00:00:00", "title": "LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58726);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n\n script_name(english:\"LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure\");\n script_summary(english:\"Checks if patch is installed\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is running an application affected by a data leakage\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1\nthat has flaws in the way certain XML components are processed for\nexternal entities in ODF documents. These flaws can be utilized to\naccess and inject the content of local files into an ODF document\nwithout a user's knowledge or permission, or inject arbitrary code\nthat would be executed when opened by the user.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.libreoffice.org/advisories/CVE-2012-0037/\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to LibreOffice 3.4.6 / 3.5.1 or higher.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:libreoffice:libreoffice\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"libreoffice_installed.nasl\");\n script_require_keys(\"SMB/LibreOffice/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"SMB/LibreOffice\";\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\nversion_ui = get_kb_item_or_exit(kb_base+\"/Version_UI\");\n\nif (\n version =~ \"^3\\.3\\.\" ||\n (version =~ \"^3\\.4\\.\" &&\n ver_compare(ver:version, fix:'3.4.602.500', strict:FALSE) == -1)\n ||\n (version =~ \"^3\\.5\\.\" &&\n ver_compare(ver:version, fix:'3.5.0.102', strict:FALSE) == -1)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (report_verbosity > 0)\n {\n report = \n '\\n Path : ' + path + \n '\\n Installed version : ' + version_ui + \n '\\n Fixed version : 3.4.6 / 3.5.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"The LibreOffice \"+version_ui+\" install under \"+path+\" is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:35", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0410 :\n\nUpdated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.\n\nAll Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0410.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68500", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : raptor (ELSA-2012-0410)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0410 and \n# Oracle Linux Security Advisory ELSA-2012-0410 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68500);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"RHSA\", value:\"2012:0410\");\n\n script_name(english:\"Oracle Linux 6 : raptor (ELSA-2012-0410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0410 :\n\nUpdated raptor packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF)\nfiles.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If an application linked against Raptor were to\nopen a specially crafted RDF file, it could possibly allow a remote\nattacker to obtain a copy of an arbitrary local file that the user\nrunning the application had access to. A bug in the way Raptor handled\nexternal entities could cause that application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting\nthis issue.\n\nAll Raptor users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications linked against Raptor must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002710.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected raptor packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:raptor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"raptor-1.4.18-5.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"raptor-devel-1.4.18-5.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor / raptor-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:25", "bulletinFamily": "scanner", "description": "Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.\n\nAll Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2012-0410.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58441", "published": "2012-03-23T00:00:00", "title": "RHEL 6 : raptor (RHSA-2012:0410)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0410. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58441);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"RHSA\", value:\"2012:0410\");\n\n script_name(english:\"RHEL 6 : raptor (RHSA-2012:0410)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated raptor packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF)\nfiles.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If an application linked against Raptor were to\nopen a specially crafted RDF file, it could possibly allow a remote\nattacker to obtain a copy of an arbitrary local file that the user\nrunning the application had access to. A bug in the way Raptor handled\nexternal entities could cause that application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting\nthis issue.\n\nAll Raptor users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications linked against Raptor must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected raptor, raptor-debuginfo and / or raptor-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:raptor-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:raptor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0410\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"raptor-1.4.18-5.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"raptor-debuginfo-1.4.18-5.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"raptor-devel-1.4.18-5.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor / raptor-debuginfo / raptor-devel\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:25", "bulletinFamily": "scanner", "description": "Timothy D. Morgan reports :\n\nIn December 2011, VSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products.\n\nIn the context of office applications, these vulnerabilities could allow for XML External Entity (XXE) attacks resulting in file theft and a loss of user privacy when opening potentially malicious ODF documents. For other applications which depend on librdf or libraptor, potentially serious consequences could result from accepting RDF/XML content from untrusted sources, though the impact may vary widely depending on the context.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_60F81AF3769011E1942300235A5F2C9A.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58472", "published": "2012-03-26T00:00:00", "title": "FreeBSD : raptor/raptor2 -- XXE in RDF/XML File Interpretation (60f81af3-7690-11e1-9423-00235a5f2c9a)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58472);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2012-0037\");\n\n script_name(english:\"FreeBSD : raptor/raptor2 -- XXE in RDF/XML File Interpretation (60f81af3-7690-11e1-9423-00235a5f2c9a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timothy D. Morgan reports :\n\nIn December 2011, VSR identified a vulnerability in multiple open\nsource office products (including OpenOffice, LibreOffice, KOffice,\nand AbiWord) due to unsafe interpretation of XML files with custom\nentity declarations. Deeper analysis revealed that the vulnerability\nwas caused by acceptance of external entities by the libraptor\nlibrary, which is used by librdf and is in turn used by these office\nproducts.\n\nIn the context of office applications, these vulnerabilities could\nallow for XML External Entity (XXE) attacks resulting in file theft\nand a loss of user privacy when opening potentially malicious ODF\ndocuments. For other applications which depend on librdf or libraptor,\npotentially serious consequences could result from accepting RDF/XML\ncontent from untrusted sources, though the impact may vary widely\ndepending on the context.\"\n );\n # http://seclists.org/fulldisclosure/2012/Mar/281\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/fulldisclosure/2012/Mar/281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.vsecurity.com/resources/advisory/20120324-1/\"\n );\n # https://vuxml.freebsd.org/freebsd/60f81af3-7690-11e1-9423-00235a5f2c9a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5069b9d1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:raptor2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"raptor2<2.0.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"raptor<1.4.21_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:24", "bulletinFamily": "scanner", "description": "It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2438.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58436", "published": "2012-03-23T00:00:00", "title": "Debian DSA-2438-1 : raptor - programming error", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2438. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58436);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"DSA\", value:\"2438\");\n\n script_name(english:\"Debian DSA-2438-1 : raptor - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/raptor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2438\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the raptor packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-dbg\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-dev\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-doc\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"raptor-utils\", reference:\"1.4.21-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:25", "bulletinFamily": "scanner", "description": "Specially crafted XML files could have allowed XML External Entity (XXE) attacks resulting in file theft and a loss of user privacy. This has been fixed.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBRAPTOR-DEVEL-120217.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58479", "published": "2012-03-26T00:00:00", "title": "SuSE 11.1 Security Update : libraptor (SAT Patch Number 5836)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58479);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-0037\");\n\n script_name(english:\"SuSE 11.1 Security Update : libraptor (SAT Patch Number 5836)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could have allowed XML External Entity\n(XXE) attacks resulting in file theft and a loss of user privacy. This\nhas been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0037.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5836.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libraptor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"raptor-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"raptor-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:25", "bulletinFamily": "scanner", "description": "Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.\nOpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-0411.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58458", "published": "2012-03-26T00:00:00", "title": "CentOS 5 : openoffice.org (CESA-2012:0411)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0411 and \n# CentOS Errata and Security Advisory 2012:0411 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58458);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"RHSA\", value:\"2012:0411\");\n\n script_name(english:\"CentOS 5 : openoffice.org (CESA-2012:0411)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openoffice.org packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\nOpenOffice.org embeds a copy of Raptor, which provides parsers for\nResource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If OpenOffice.org were to open a specially\ncrafted file (such as an OpenDocument Format or OpenDocument\nPresentation file), it could possibly allow a remote attacker to\nobtain a copy of an arbitrary local file that the user running\nOpenOffice.org had access to. A bug in the way Raptor handled external\nentities could cause OpenOffice.org to crash or, possibly, execute\narbitrary code with the privileges of the user running OpenOffice.org.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting\nthis issue.\n\nAll OpenOffice.org users are advised to upgrade to these updated\npackages, which contain backported patches to correct this issue. All\nrunning instances of OpenOffice.org applications must be restarted for\nthis update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018519.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c89817fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openoffice.org packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-emailmerge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-graphicfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-javafilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-af_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-as_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-bg_BG\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ca_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-cs_CZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-cy_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-da_DK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-el_GR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-eu_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-fi_FI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-gl_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-he_IL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-hi_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-hr_HR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-hu_HU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ja_JP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-kn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ko_KR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-lt_LT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ml_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-mr_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ms_MY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-nr_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-nso_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-or_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-pl_PL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-sk_SK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-sl_SI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-sr_CS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ss_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-st_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ta_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-te_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-th_TH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-tn_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-tr_TR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ts_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-ve_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-xh_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-langpack-zu_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-sdk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-testtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-ure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-xsltfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-base-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-calc-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-core-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-draw-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-emailmerge-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-graphicfilter-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-headless-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-impress-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-javafilter-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ar-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-bn-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-de-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-es-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-fr-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-it-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-nl-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ru-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-sv-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ur-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-math-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-pyuno-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-sdk-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-sdk-doc-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-testtools-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-ure-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-writer-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openoffice.org-xsltfilter-3.1.1-19.10.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:42", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2438-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 22, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : raptor\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0037\n\nIt was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your raptor packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-03-22T17:03:08", "published": "2012-03-22T17:03:08", "id": "DEBIAN:DSA-2438-1:5F194", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00066.html", "title": "[SECURITY] [DSA 2438-1] raptor security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "description": "\nTimothy D. Morgan reports:\n\nIn December 2011, VSR identified a vulnerability in multiple open\n\t source office products (including OpenOffice, LibreOffice, KOffice,\n\t and AbiWord) due to unsafe interpretation of XML files with custom\n\t entity declarations. Deeper analysis revealed that the\n\t vulnerability was caused by acceptance of external entities by the\n\t libraptor library, which is used by librdf and is in turn used by\n\t these office products.\nIn the context of office applications, these vulnerabilities could\n\t allow for XML External Entity (XXE) attacks resulting in file theft\n\t and a loss of user privacy when opening potentially malicious ODF\n\t documents. For other applications which depend on librdf or\n\t libraptor, potentially serious consequences could result from\n\t accepting RDF/XML content from untrusted sources, though the impact\n\t may vary widely depending on the context.\n\n", "modified": "2012-03-24T00:00:00", "published": "2012-03-24T00:00:00", "id": "60F81AF3-7690-11E1-9423-00235A5F2C9A", "href": "https://vuxml.freebsd.org/freebsd/60f81af3-7690-11e1-9423-00235a5f2c9a.html", "title": "raptor/raptor2 -- XXE in RDF/XML File Interpretation", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-05-29T18:34:44", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0411\n\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program. OpenOffice.org\nembeds a copy of Raptor, which provides parsers for Resource Description\nFramework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If OpenOffice.org were to open a specially-crafted file (such\nas an OpenDocument Format or OpenDocument Presentation file), it could\npossibly allow a remote attacker to obtain a copy of an arbitrary local\nfile that the user running OpenOffice.org had access to. A bug in the way\nRaptor handled external entities could cause OpenOffice.org to crash or,\npossibly, execute arbitrary code with the privileges of the user running \nOpenOffice.org. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/018519.html\n\n**Affected packages:**\nopenoffice.org\nopenoffice.org-base\nopenoffice.org-calc\nopenoffice.org-core\nopenoffice.org-draw\nopenoffice.org-emailmerge\nopenoffice.org-graphicfilter\nopenoffice.org-headless\nopenoffice.org-impress\nopenoffice.org-javafilter\nopenoffice.org-langpack-af_ZA\nopenoffice.org-langpack-ar\nopenoffice.org-langpack-as_IN\nopenoffice.org-langpack-bg_BG\nopenoffice.org-langpack-bn\nopenoffice.org-langpack-ca_ES\nopenoffice.org-langpack-cs_CZ\nopenoffice.org-langpack-cy_GB\nopenoffice.org-langpack-da_DK\nopenoffice.org-langpack-de\nopenoffice.org-langpack-el_GR\nopenoffice.org-langpack-es\nopenoffice.org-langpack-et_EE\nopenoffice.org-langpack-eu_ES\nopenoffice.org-langpack-fi_FI\nopenoffice.org-langpack-fr\nopenoffice.org-langpack-ga_IE\nopenoffice.org-langpack-gl_ES\nopenoffice.org-langpack-gu_IN\nopenoffice.org-langpack-he_IL\nopenoffice.org-langpack-hi_IN\nopenoffice.org-langpack-hr_HR\nopenoffice.org-langpack-hu_HU\nopenoffice.org-langpack-it\nopenoffice.org-langpack-ja_JP\nopenoffice.org-langpack-kn_IN\nopenoffice.org-langpack-ko_KR\nopenoffice.org-langpack-lt_LT\nopenoffice.org-langpack-ml_IN\nopenoffice.org-langpack-mr_IN\nopenoffice.org-langpack-ms_MY\nopenoffice.org-langpack-nb_NO\nopenoffice.org-langpack-nl\nopenoffice.org-langpack-nn_NO\nopenoffice.org-langpack-nr_ZA\nopenoffice.org-langpack-nso_ZA\nopenoffice.org-langpack-or_IN\nopenoffice.org-langpack-pa_IN\nopenoffice.org-langpack-pl_PL\nopenoffice.org-langpack-pt_BR\nopenoffice.org-langpack-pt_PT\nopenoffice.org-langpack-ru\nopenoffice.org-langpack-sk_SK\nopenoffice.org-langpack-sl_SI\nopenoffice.org-langpack-sr_CS\nopenoffice.org-langpack-ss_ZA\nopenoffice.org-langpack-st_ZA\nopenoffice.org-langpack-sv\nopenoffice.org-langpack-ta_IN\nopenoffice.org-langpack-te_IN\nopenoffice.org-langpack-th_TH\nopenoffice.org-langpack-tn_ZA\nopenoffice.org-langpack-tr_TR\nopenoffice.org-langpack-ts_ZA\nopenoffice.org-langpack-ur\nopenoffice.org-langpack-ve_ZA\nopenoffice.org-langpack-xh_ZA\nopenoffice.org-langpack-zh_CN\nopenoffice.org-langpack-zh_TW\nopenoffice.org-langpack-zu_ZA\nopenoffice.org-math\nopenoffice.org-pyuno\nopenoffice.org-sdk\nopenoffice.org-sdk-doc\nopenoffice.org-testtools\nopenoffice.org-ure\nopenoffice.org-writer\nopenoffice.org-xsltfilter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0411.html", "modified": "2012-03-23T14:34:12", "published": "2012-03-23T14:34:12", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/018519.html", "id": "CESA-2012:0411", "title": "openoffice.org security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0410\n\n\nRaptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If an application linked against Raptor were to open a \nspecially-crafted RDF file, it could possibly allow a remote attacker to \nobtain a copy of an arbitrary local file that the user running the\napplication had access to. A bug in the way Raptor handled external\nentities could cause that application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll Raptor users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against Raptor must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/018518.html\n\n**Affected packages:**\nraptor\nraptor-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0410.html", "modified": "2012-03-22T16:07:09", "published": "2012-03-22T16:07:09", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/018518.html", "id": "CESA-2012:0410", "title": "raptor security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "description": "### Background\n\nLibreOffice is a full office productivity suite.\n\n### Description\n\nMultiple vulnerabilities have been found in LibreOffice:\n\n * The Microsoft Word Document parser contains an out-of-bounds read error (CVE-2011-2713). \n * The Raptor RDF parser contains an XML External Entity expansion error (CVE-2012-0037). \n * The graphic loading parser contains an integer overflow error which could cause a heap-based buffer overflow (CVE-2012-1149). \n * Multiple errors in the XML manifest handling code could cause a heap-based buffer overflow (CVE-2012-2665). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted document file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll LibreOffice users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/libreoffice-3.5.5.3\"\n \n\nAll users of the LibreOffice binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/libreoffice-bin-3.5.5.3\"", "modified": "2012-09-24T00:00:00", "published": "2012-09-24T00:00:00", "id": "GLSA-201209-05", "href": "https://security.gentoo.org/glsa/201209-05", "type": "gentoo", "title": "LibreOffice: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:15", "bulletinFamily": "unix", "description": "### Background\n\nOpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/openoffice-bin-3.5.5.3\"\n \n\nAll LibreOffice users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/libreoffice-4.2.5.2\"\n \n\nAll LibreOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/libreoffice-bin-4.2.5.2\"\n \n\nWe recommend that users unmerge OpenOffice:\n \n \n # emerge --unmerge \"app-office/openoffice\"", "modified": "2014-08-31T00:00:00", "published": "2014-08-31T00:00:00", "id": "GLSA-201408-19", "href": "https://security.gentoo.org/glsa/201408-19", "type": "gentoo", "title": "OpenOffice, LibreOffice: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
