ID OPENVAS:1361412562310861958 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-16T00:00:00
Description
Check for the Version of texlive
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for texlive FEDORA-2010-8242
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
printable file as output. Usually, TeX is used in conjunction with
a higher level formatting package like LaTeX or PlainTeX, since TeX by
itself is not very user-friendly.
Install texlive if you want to use the TeX text formatting system. Consider
to install texlive-latex (a higher level formatting package which provides
an easier-to-use interface for TeX).
The TeX documentation is located in the texlive-doc package.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "texlive on Fedora 12";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041567.html");
script_oid("1.3.6.1.4.1.25623.1.0.861958");
script_version("$Revision: 8438 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "FEDORA", value: "2010-8242");
script_cve_id("CVE-2010-0739", "CVE-2010-1440", "CVE-2010-0829");
script_name("Fedora Update for texlive FEDORA-2010-8242");
script_tag(name: "summary" , value: "Check for the Version of texlive");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC12")
{
if ((res = isrpmvuln(pkg:"texlive", rpm:"texlive~2007~48.fc12", rls:"FC12")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310861958", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for texlive FEDORA-2010-8242", "description": "Check for the Version of texlive", "published": "2010-05-28T00:00:00", "modified": "2018-01-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861958", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041567.html", "2010-8242"], "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739"], "lastseen": "2018-01-17T11:05:33", "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2018-01-17T11:05:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0829", "CVE-2010-0739", "CVE-2010-1440"]}, {"type": "openvas", "idList": ["OPENVAS:861970", "OPENVAS:1361412562310831037", "OPENVAS:840430", "OPENVAS:861958", "OPENVAS:1361412562310830923", "OPENVAS:831037", "OPENVAS:1361412562310840430", "OPENVAS:830923", "OPENVAS:136141256231071554", "OPENVAS:1361412562310861970"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10824", "SECURITYVULNS:DOC:23813", "SECURITYVULNS:DOC:23812"]}, {"type": "nessus", "idList": ["SUSE_11_TEXLIVE-100504.NASL", "FEDORA_2010-8242.NASL", "SUSE_TE_AMS-7020.NASL", "SUSE_11_0_TEXLIVE-100503.NASL", "MANDRIVA_MDVSA-2010-094.NASL", "GENTOO_GLSA-201206-28.NASL", "SUSE_11_2_TEXLIVE-100504.NASL", "FEDORA_2010-8273.NASL", "FEDORA_2010-8314.NASL", "SUSE_11_1_TEXLIVE-100503.NASL"]}, {"type": "ubuntu", "idList": ["USN-937-1", "USN-936-1"]}, {"type": "gentoo", "idList": ["GLSA-201412-08", "GLSA-201206-28"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2048-1:88701"]}, {"type": "seebug", "idList": ["SSV:19595", "SSV:19597", "SSV:19596"]}, {"type": "redhat", "idList": ["RHSA-2010:0399", "RHSA-2010:0401", "RHSA-2010:0400"]}, {"type": "centos", "idList": ["CESA-2010:0401", "CESA-2010:0400", "CESA-2010:0399"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0400", "ELSA-2010-0399", "ELSA-2010-0401"]}], "modified": "2018-01-17T11:05:33", "rev": 2}, "vulnersScore": 6.0}, "pluginID": "1361412562310861958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8242\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041567.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861958\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8242\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8242\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~48.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:57:22", "description": "Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.", "edition": 3, "cvss3": {}, "published": "2010-05-07T18:24:00", "title": "CVE-2010-0829", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0829"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:jan-ake_larsson:dvipng:1.12", "cpe:/a:jan-ake_larsson:dvipng:1.11", "cpe:/a:tug:tetex:*"], "id": "CVE-2010-0829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0829", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:jan-ake_larsson:dvipng:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:jan-ake_larsson:dvipng:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:38", "description": "Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.", "edition": 5, "cvss3": {}, "published": "2010-05-07T18:24:00", "title": "CVE-2010-1440", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1440"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:tug:tex_live:2009", "cpe:/a:tug:tex_live:2003", "cpe:/a:tug:tetex:*", "cpe:/a:tug:tex_live:2007", "cpe:/a:tug:tex_live:2008", "cpe:/a:tug:tex_live:1999", "cpe:/a:tug:tex_live:2004", "cpe:/a:tug:tex_live:2001", "cpe:/a:tug:tex_live:2005", "cpe:/a:tug:tex_live:1998", "cpe:/a:tug:tex_live:2000", "cpe:/a:tug:tex_live:1996", "cpe:/a:tug:tex_live:2002"], "id": "CVE-2010-1440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tug:tex_live:2001:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2007:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1996:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2005:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2003:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2009:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2000:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1998:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2008:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2004:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1999:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2002:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:22", "description": "Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2010-04-16T18:30:00", "title": "CVE-2010-0739", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0739"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:tug:tex_live:*", "cpe:/a:tug:tetex:*"], "id": "CVE-2010-0739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0739", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tug:tex_live:*:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-20T13:18:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739"], "description": "Check for the Version of texlive", "modified": "2017-12-19T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:861958", "href": "http://plugins.openvas.org/nasl.php?oid=861958", "type": "openvas", "title": "Fedora Update for texlive FEDORA-2010-8242", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8242\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041567.html\");\n script_id(861958);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8242\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8242\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~48.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of texlive", "modified": "2017-12-19T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:861970", "href": "http://plugins.openvas.org/nasl.php?oid=861970", "type": "openvas", "title": "Fedora Update for texlive FEDORA-2010-8273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html\");\n script_id(861970);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8273\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\", \"CVE-2009-1284\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8273\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~47.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of texlive", "modified": "2018-01-16T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310861970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861970", "type": "openvas", "title": "Fedora Update for texlive FEDORA-2010-8273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861970\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8273\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\", \"CVE-2009-1284\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8273\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~47.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of nufw", "modified": "2018-01-17T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:1361412562310830923", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830923", "type": "openvas", "title": "Mandriva Update for nufw MDVA-2010:094 (nufw)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nufw MDVA-2010:094 (nufw)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nufw on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update provides the latest version of nufw software suite,\n with many bugfixes and usage improvements.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830923\");\n script_version(\"$Revision: 8447 $\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:094\");\n script_name(\"Mandriva Update for nufw MDVA-2010:094 (nufw)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nufw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnuclient1\", rpm:\"libnuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnufw-devel\", rpm:\"libnufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nuface\", rpm:\"nuface~2.0.16~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth\", rpm:\"nufw-nuauth~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-ldap\", rpm:\"nufw-nuauth-auth-ldap~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-mysql\", rpm:\"nufw-nuauth-auth-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-mysql\", rpm:\"nufw-nuauth-log-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-pgsql\", rpm:\"nufw-nuauth-log-pgsql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-prelude\", rpm:\"nufw-nuauth-log-prelude~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nutcpc\", rpm:\"nufw-nutcpc~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-utils\", rpm:\"nufw-utils~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nulog\", rpm:\"nulog~2.1.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_nufw\", rpm:\"pam_nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-nufw\", rpm:\"python-nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nuclient1\", rpm:\"lib64nuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nufw-devel\", rpm:\"lib64nufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of nufw", "modified": "2017-12-20T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:830923", "href": "http://plugins.openvas.org/nasl.php?oid=830923", "type": "openvas", "title": "Mandriva Update for nufw MDVA-2010:094 (nufw)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nufw MDVA-2010:094 (nufw)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nufw on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update provides the latest version of nufw software suite,\n with many bugfixes and usage improvements.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00012.php\");\n script_id(830923);\n script_version(\"$Revision: 8186 $\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:094\");\n script_name(\"Mandriva Update for nufw MDVA-2010:094 (nufw)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nufw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnuclient1\", rpm:\"libnuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnufw-devel\", rpm:\"libnufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nuface\", rpm:\"nuface~2.0.16~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth\", rpm:\"nufw-nuauth~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-ldap\", rpm:\"nufw-nuauth-auth-ldap~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-mysql\", rpm:\"nufw-nuauth-auth-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-mysql\", rpm:\"nufw-nuauth-log-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-pgsql\", rpm:\"nufw-nuauth-log-pgsql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-prelude\", rpm:\"nufw-nuauth-log-prelude~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nutcpc\", rpm:\"nufw-nutcpc~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-utils\", rpm:\"nufw-utils~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nulog\", rpm:\"nulog~2.1.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_nufw\", rpm:\"pam_nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-nufw\", rpm:\"python-nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nuclient1\", rpm:\"lib64nuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nufw-devel\", rpm:\"lib64nufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:54:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of tetex", "modified": "2018-01-24T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:1361412562310831037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831037", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2010:094 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2010:094 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and fixed in tetex:\n\n Buffer overflow in BibTeX 0.99 allows context-dependent attackers to\n cause a denial of service (memory corruption and crash) via a long\n .bib bibliography file (CVE-2009-1284).\n \n Integer overflow in the ObjectStream::ObjectStream function in XRef.cc\n in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\n GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\n attackers to execute arbitrary code via a crafted PDF document that\n triggers a heap-based buffer overflow (CVE-2009-3608).\n \n Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted virtual font\n (VF) file associated with a DVI file (CVE-2010-0827).\n \n Multiple array index errors in set.c in dvipng 1.11 and 1.12, and\n teTeX, allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a malformed DVI file\n (CVE-2010-0829).\n \n Integer overflow in the predospecial function in dospecial.c in\n dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote\n attackers to execute arbitrary code via a crafted DVI file that\n triggers a heap-based buffer overflow. NOTE: some of these details\n are obtained from third party information (CVE-2010-0739).\n \n Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n 2009 and earlier, and teTeX, allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code via\n a special command in a DVI file, related to the (1) predospecial and\n (2) bbdospecial functions, a different vulnerability than CVE-2010-0739\n (CVE-2010-1440).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The corrected packages solves these problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831037\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:094\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_name(\"Mandriva Update for tetex MDVSA-2010:094 (tetex)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~136.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~84.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~146.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~94.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of tetex", "modified": "2017-12-25T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:831037", "href": "http://plugins.openvas.org/nasl.php?oid=831037", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2010:094 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2010:094 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and fixed in tetex:\n\n Buffer overflow in BibTeX 0.99 allows context-dependent attackers to\n cause a denial of service (memory corruption and crash) via a long\n .bib bibliography file (CVE-2009-1284).\n \n Integer overflow in the ObjectStream::ObjectStream function in XRef.cc\n in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\n GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\n attackers to execute arbitrary code via a crafted PDF document that\n triggers a heap-based buffer overflow (CVE-2009-3608).\n \n Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted virtual font\n (VF) file associated with a DVI file (CVE-2010-0827).\n \n Multiple array index errors in set.c in dvipng 1.11 and 1.12, and\n teTeX, allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a malformed DVI file\n (CVE-2010-0829).\n \n Integer overflow in the predospecial function in dospecial.c in\n dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote\n attackers to execute arbitrary code via a crafted DVI file that\n triggers a heap-based buffer overflow. NOTE: some of these details\n are obtained from third party information (CVE-2010-0739).\n \n Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n 2009 and earlier, and teTeX, allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code via\n a special command in a DVI file, related to the (1) predospecial and\n (2) bbdospecial functions, a different vulnerability than CVE-2010-0739\n (CVE-2010-1440).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The corrected packages solves these problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00013.php\");\n script_id(831037);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:094\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_name(\"Mandriva Update for tetex MDVSA-2010:094 (tetex)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~136.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~84.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~146.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~94.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-937-1", "modified": "2017-12-20T00:00:00", "published": "2010-05-07T00:00:00", "id": "OPENVAS:1361412562310840430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840430", "type": "openvas", "title": "Ubuntu Update for texlive-bin vulnerabilities USN-937-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_937_1.nasl 8187 2017-12-20 07:30:09Z teissa $\n#\n# Ubuntu Update for texlive-bin vulnerabilities USN-937-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that TeX Live incorrectly handled certain long .bib\n bibliography files. If a user or automated system were tricked into\n processing a specially crafted bib file, an attacker could cause a denial\n of service via application crash. This issue only affected Ubuntu 8.04 LTS,\n 9.04 and 9.10. (CVE-2009-1284)\n\n Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live\n incorrectly handled certain malformed dvi files. If a user or automated\n system were tricked into processing a specially crafted dvi file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2010-0739, CVE-2010-1440)\n \n Dan Rosenberg discovered that TeX Live incorrectly handled certain\n malformed dvi files. If a user or automated system were tricked into\n processing a specially crafted dvi file, an attacker could cause a denial\n of service via application crash, or possibly execute arbitrary code with\n the privileges of the user invoking the program. (CVE-2010-0827)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-937-1\";\ntag_affected = \"texlive-bin vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-937-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840430\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"937-1\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"Ubuntu Update for texlive-bin vulnerabilities USN-937-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-28.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071554", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071554", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-28 (TeX Live)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_28.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71554\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-28 (TeX Live)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in texlive-core, allowing\nattackers to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"All texlive-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/texlive-core-2009-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-28\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=264598\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=324019\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-28.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-text/texlive-core\", unaffected: make_list(\"ge 2009-r2\"), vulnerable: make_list(\"lt 2009-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:18:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-937-1", "modified": "2017-12-01T00:00:00", "published": "2010-05-07T00:00:00", "id": "OPENVAS:840430", "href": "http://plugins.openvas.org/nasl.php?oid=840430", "type": "openvas", "title": "Ubuntu Update for texlive-bin vulnerabilities USN-937-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_937_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for texlive-bin vulnerabilities USN-937-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that TeX Live incorrectly handled certain long .bib\n bibliography files. If a user or automated system were tricked into\n processing a specially crafted bib file, an attacker could cause a denial\n of service via application crash. This issue only affected Ubuntu 8.04 LTS,\n 9.04 and 9.10. (CVE-2009-1284)\n\n Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live\n incorrectly handled certain malformed dvi files. If a user or automated\n system were tricked into processing a specially crafted dvi file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2010-0739, CVE-2010-1440)\n \n Dan Rosenberg discovered that TeX Live incorrectly handled certain\n malformed dvi files. If a user or automated system were tricked into\n processing a specially crafted dvi file, an attacker could cause a denial\n of service via application crash, or possibly execute arbitrary code with\n the privileges of the user invoking the program. (CVE-2010-0827)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-937-1\";\ntag_affected = \"texlive-bin vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-937-1/\");\n script_id(840430);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"937-1\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"Ubuntu Update for texlive-bin vulnerabilities USN-937-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:44:16", "published": "2010-05-18T21:44:16", "id": "FEDORA:A440F1114E9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: texlive-2007-51.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:49:45", "published": "2010-05-18T21:49:45", "id": "FEDORA:280C5110805", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: texlive-2007-48.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1284", "CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:51:53", "published": "2010-05-18T21:51:53", "id": "FEDORA:DB73D110819", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: texlive-2007-47.fc11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0829"], "description": "This program makes PNG and/or GIF graphics from DVI files as obtained from TeX and its relatives. It is intended to produce anti-aliased screen-resolution images as fast as is possible. The target audience is people who need to generate and regenerate many images again and again. ", "modified": "2010-05-18T21:54:05", "published": "2010-05-18T21:54:05", "id": "FEDORA:482031114D4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: dvipng-1.13-1.fc12", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0829"], "description": "This program makes PNG and/or GIF graphics from DVI files as obtained from TeX and its relatives. It is intended to produce anti-aliased screen-resolution images as fast as is possible. The target audience is people who need to generate and regenerate many images again and again. ", "modified": "2010-05-18T21:58:14", "published": "2010-05-18T21:58:14", "id": "FEDORA:30C1510F80C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: dvipng-1.13-1.fc13", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0829"], "description": "This program makes PNG and/or GIF graphics from DVI files as obtained from TeX and its relatives. It is intended to produce anti-aliased screen-resolution images as fast as is possible. The target audience is people who need to generate and regenerate many images again and again. ", "modified": "2010-05-18T21:57:22", "published": "2010-05-18T21:57:22", "id": "FEDORA:3167D111537", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: dvipng-1.13-1.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "description": "Memory corruption on DVI files processing.", "edition": 1, "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:VULN:10824", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10824", "title": "dvipng / TeX Live memory corruption", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "===========================================================\r\nUbuntu Security Notice USN-937-1 May 06, 2010\r\ntexlive-bin vulnerabilities\r\nCVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n texlive-base-bin 2007.dfsg.1-2ubuntu0.1\r\n\r\nUbuntu 9.04:\r\n texlive-base-bin 2007.dfsg.2-4ubuntu2.1\r\n\r\nUbuntu 9.10:\r\n texlive-base-bin 2007.dfsg.2-7ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n texlive-binaries 2009-5ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that TeX Live incorrectly handled certain long .bib\r\nbibliography files. If a user or automated system were tricked into\r\nprocessing a specially crafted bib file, an attacker could cause a denial\r\nof service via application crash. This issue only affected Ubuntu 8.04 LTS,\r\n9.04 and 9.10. (CVE-2009-1284)\r\n\r\nMarc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX Live\r\nincorrectly handled certain malformed dvi files. If a user or automated\r\nsystem were tricked into processing a specially crafted dvi file, an\r\nattacker could cause a denial of service via application crash, or possibly\r\nexecute arbitrary code with the privileges of the user invoking the\r\nprogram. (CVE-2010-0739, CVE-2010-1440)\r\n\r\nDan Rosenberg discovered that TeX Live incorrectly handled certain\r\nmalformed dvi files. If a user or automated system were tricked into\r\nprocessing a specially crafted dvi file, an attacker could cause a denial\r\nof service via application crash, or possibly execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2010-0827)\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.diff.gz\r\n Size/MD5: 232440 57916604c614689a01685a191e88258e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.dsc\r\n Size/MD5: 1324 c99680c940f5ce0a8a637f923958b5e0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1.orig.tar.gz\r\n Size/MD5: 70262321 8c96d9dee6574a23f35982a60f75a8e9\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 157496 3a443c0f131af32761ef10a328aa33b5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 114660 d512aa89320da7e075ff88696521d8d5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 8602760 e04ed21100816cb8ce4dc3848cfbb38b\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 2647322 b39c2559fa087fd60a44b44a08230d4e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 649320 3eaf463fcfd40368859f012bdae17008\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 996998 c51066459d553d1eaf1e9007e9d2ccda\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6703196 92632c178473fa99243dece1a5d74666\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6792992 911838b2a3c6f0b218902f1ff39a50c1\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 598294 4cff95b67706ac3a232886d501dd2eec\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 1715496 fac485d66754efb7e748d7f53a790995\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 2789356 455b37232463313ad5bbf714b074d086\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6454074 559ef95a4a1a9ed3f3a9ffcd9a99c94c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 150322 3e37c5adef9280b413ad7b989a61e516\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 112434 ae90b53a790619fa4fc577fb1ed1ce87\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 8602774 23891dd633d999e49e44b08f8039d7d0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 2383998 eb537ea2278c63a775319374f8087f15\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 573342 767840105483b1f79ee7bb48557bd3f5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 961696 47331bf706c24204db28d401a508c568\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6701628 3655d2cae86230bdee8e9aacb6f4d1f5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6793020 98f36babea9b2acdd5844678964ee425\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 561102 6a114628b024d0c91ac9ed4a87c06e69\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 1715506 4c128393a8a1727cd643147001ca3940\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 2669080 c005c81fecfaf5593ae934b2fbf01b7c\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6366524 65e43069198910abba054179cc631f30\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 150368 56df65d9c356de18d998943644e7cfca\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 112256 28ba175b7bd8845f80b419dcad183bc2\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 8602762 e1a47383a9a26768c3506e375bd0b7b6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 2414550 54a4860933c6260481a5e1d0f55a1a2f\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 578348 c5ba4294373053e647a454887baec414\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 964394 9b9d8a643ab69f883617555f11eb0efe\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6701594 e08701287186bae099e0e8c217b091cb\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6792974 5e61f08e1b6aee8705f12a06e5effa2d\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 565580 1484ed100b6c35cff8440c023f88be79\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 1715520 1a92d33826216d4ed7dbeeddeff783e2\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 2682388 3f3a0b899f73c2e62203a17ae6c96d34\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6387538 e55ab6b582618a560dc734d16d0ab578\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 159804 0b558b82f36793540fca99839c8feb0f\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 119658 ef3446c9ece96c8aa44ab93297637a0e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 8602764 a1db480b79a602217ea89be5a93bd370\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 2660712 e8dfdc6959ff7bacb4f845a4a24f6f48\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 698106 36c371a5ff37a5de7cd427ea877a77c8\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 1017276 fdb2a9654a990795c8d3c57368fafe77\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6704498 4709a0f302f5346a3d6ab5c3fbcc2082\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6793068 28ae564353f52010ad92a7338d30ab06\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 604766 5600c51f97b0771d855e77cc700c8ba8\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 1715544 42d9701b7ae5b4b1ae321319d007da87\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 2777364 ce1b6c68fa568cc2f91087fe9f4ed5f5\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6574064 b62fe7def1df5581d2f4c4c89dc2990b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 155430 5f7a48c2c5c736030c3df948f1d0c362\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 114680 709b660a1e0cbf3ba90a33c6fd4ae9a6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 8602826 678335c487ebdcc9f5d7b4ae6eaa6989\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 2516432 fe8d7e4b51df322ec8b52e8dff6f352a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 619554 3a81871a23af2c8853f224a07413bb47\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 985088 1e6bcd5a9a680c39717f5e9350769d62\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6703370 cc8073eb404d5e90f0189479d601faed\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6793070 4dd9b3a4103cd52b8b429467f90176d9\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 580058 94e31f98e5fbede1ee2880d28eea0c6f\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 1715528 7d97f730d78769c8b217e530020ab723\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 2739914 3c3bc39c03cb142937920cf9b0a1abff\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6466140 e97ad23b5187f27548a90c9b0e579593\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.diff.gz\r\n Size/MD5: 359647 ce7d11c058bd0b30d450f4281623f580\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.dsc\r\n Size/MD5: 1815 3e997ed5b8f14b354bf9846219f0d0a2\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz\r\n Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 165462 c817fb7834cf85cb859931aca146e3cd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 122884 223add751ec5b893ab499cc1464a4888\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 8610450 a05c656c36efb82967f1f9e351de3329\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 2628888 fea20d04f52deae0eea6fbb08dd9706c\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 683604 32214e7ecfb3668a82c583a3345dbf3a\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 1292308 37c669c3635066d40161fdcc74981619\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6715016 f07f790ed5c6199252590d00c33001d7\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6801110 e76f67e032106485253f72fbfdb27e2d\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6420210 ef6acde6a45526a5b06c0d3a1d91f552\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 639724 34625c6efff225b6846035c315c00173\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 1723142 8ceff3c7256459df5146e9856bbe4d32\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 2804494 8c3cc43e5a886821314ee15f320bdc92\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 158696 6cbaee28329477e85d325b4214545422\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 120528 8ad1ef6ea506d14da2418c5908dace84\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 8610434 c67cbb7fe9950d2502d9c4869e7e2bec\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 2358188 48b81b354a9b153aa44994e61c8eeef8\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 602656 ab0e3e7585904e847905926de77e916e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 1257916 bf8b83d35185c652fd408849d00e80dd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6713590 f910e4b330e046046fe617eba15753e0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6801202 bc4bb99b7f092bf225d9c1d580af11ee\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6331334 a394cc5265c45034c159c13fd4cfa903\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 601138 ad3b552fdc809748f6f77fbd0eadf721\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 1723202 4c99b2415fc6aa4ff813ffd6b065321a\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 2681266 e3643f3fae0aea8735159920b61409b4\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 158538 3394295db6e6b2e624b1b8094285fc81\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 120194 98f7d9213ab74efec2d0b0aca2f89217\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 8610432 2f85c50fe52afd0b08092e3453cf8ad1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 2383522 0bf8158dd496feb21060e61a4219c01c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 607334 0615e2d622882c0b75177b2d48ae8468\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 1258184 e8e43208babe597dc2a30f42a0837efa\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6713338 624151e54f2d71aebf361512c4e08bb0\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6801166 541c05d3830c65911ec941cbe4528fcb\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6345048 ee44eca565f27dd958cbcf416471a541\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 604260 922572ebe9bd103e55f3cf5366a16b9f\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 1723164 90c80aabe55eebee6a63cad6e18bb5cf\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 2691874 135d72612887efab28fe228cf353d759\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 167846 c2169ce87edd90661f12b1ec7b15b2ae\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 127588 af7826c61138a00cb549fd59a22a0b36\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 8610442 ec732d26794f3cc951c652f9135e8622\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 2638622 6d217ff5c2a102dc7c67f1ede2fd9ea1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 731882 2e9e52f438dca627348af8eb56c24bed\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 1311134 d565efc064aa1434e4e8504073261f9e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6716338 634cd359de98ff217de9d041c2750360\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6801182 cc26651bd2934deec7c414993d9953fe\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6516376 6223a1c13952a27f16156e69619985c9\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 646888 138369532005cdf4fb8dc77092f2675d\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 1723222 15692ba2f697b346b575318988a3a3eb\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 2801028 db37ae73b09217bac67aa646e0eddcfc\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 162516 46d6aeeeb7f60c4fa62301ce6014794e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 122296 0c31ba4660bf3370a4b22430e2cd02c1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 8610424 4581c1e196deaba2ce3eb393962c15d4\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 2510782 13ce8627e986faae459e46fddeab4d73\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 655056 598254effdef393fbadc496403c80c74\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 1282340 d2d6536cab4823046ed2897dd7d87e1c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6715418 25246b96532482e88a2721e7c1d3d092\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6801150 9a45197f73432a6d138dbe9d99baac25\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6423334 74025318f610fc7bdd2a7846bd8dea4b\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 623424 a38c5e791237fb744e395f4e2f25c88e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 1723168 fee6884712e6a17f49eb9cc420188129\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 2761884 af3d208b33668f96d3729a1ceb691407\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.diff.gz\r\n Size/MD5: 370730 9e066108c7e5cf93566bd2ed967d39e2\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.dsc\r\n Size/MD5: 1833 d03412d12872c44154681014b4d11149\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz\r\n Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 166956 7beb18240a1289e778e2ec6143bb9646\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 123954 4f23d93c385f2c7dabb1a17819274c0f\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 8611244 9ca303b561835bff9b44545e153a4254\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 2642970 5d920272d4441a8ddc7c94f1fb4ed9cd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 688900 22677e66b377c4b7f8bfbccf6c1fd3f4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 1294376 c29b1149f7a1bb9bd98e080bd892b3f1\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6716782 b3467d6c0ad4b4d7ff3a9f89eabfbea4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6802130 66e264a87fa4938d921ff7b4fae86340\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 642528 b0acbc78377c0eea74f3be5777d0b8db\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 1724582 862ca8fdb69668bc1e7ea928935aa8ee\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 2820784 b9f834a83e123795380922e921b10a2d\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6427404 5a202cd0a74c169d28d7b1aa3148c98e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 159870 18c3b66218a960c3c6b47efab46ac449\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 121558 5611c6ec2670890a4c687fff5d0650ea\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 8611212 99d0d42ac5afd0b274889b9044870f30\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 2367810 9d5c16f1bc7208af4465168dee23fa9f\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 605434 004837c3975cf7c3ca7243f865d95b28\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 1259760 29cdfcd16d5edf0615037b9ee542daaa\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6715130 15b3dcf4c64b9df8b807094b96db5f99\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6802102 16cd6032d7f45e89071bddb4e68f1469\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 604348 a76b3019dc8b62a6aa4bac64af76b798\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 1724588 082d700e3dfabfd766b069d940a36c1a\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 2689608 36a0589de9187ecedb5005da147f27f1\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6344260 7a0e09629e9b321efb53d26811130c4a\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 160122 5282f8875c9282ad555082a1601dfe69\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 121490 7d134d12cd865f3d7fca3d9c3a1f177a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 8611222 e091d389a556cca704344bb20968421c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 2396624 6a5fd16ae2cbf32be0d486747fb98840\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 613542 76562d6d7e532d389230be20631220fd\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 1261552 ff48bf063ceac134c105bbd8ce71ca57\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6715096 a671997d9a583eea45932eec174a5626\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6802070 3b6e991e99c7adff752c51ec38018818\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 607050 d374ff9bc32b7031044b219fa1a30f37\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 1724564 9cbc738ee795248deda534aa214465df\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 2700382 8443f051013aae76e719578593e71269\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6364862 d0cd9ce5f585567d24730091ef6d565c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 168978 85932e4da91439d9dacfa15b1ff5682e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 126782 03f317aa0dbdd25b9b0bb451056d40b6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 8611240 f5ad329721ccc8e562a7765a3fd09801\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 2629582 1b2fa0a47fe6d9b3c0a6aff57bac390a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 690706 a8d7dc6cd84f1e0f658f5bc5767ff310\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 1298892 8be54cb778f442972df790197e154a9a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6717706 2dff2dd873dddfec3cf1061b52e46462\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6802168 ebea7d5953bea8b58d0923f298e111aa\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 642434 2aadc64b89f37a05565c5b223219e4ea\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 1724614 7d35dd8508af5fe54a3513b959a4274e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 2811298 6cfb8b827a1652833aab098b25947599\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6539956 d0ed00a6db36c6489fcd2937b0a3f452\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 164164 67aee948a311c661ee74089a3427199c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 123424 0130484dd9f760ea8c2395824c472c59\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 8611262 0c0658b8cc2817837323a9feb0e36955\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 2538114 ffb48cf196cfd29d53e855cf27432d3c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 661460 98dc295912e1cf3638a21ad909f7d5e1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 1286810 42e759df9d13a617bebd35087525aeef\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6717180 42303b589783218058fa4c0f59692ca0\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6802166 2dabc0967441fa71986f600327080d6e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 626820 92491a7eb12538f07c6afb27226b5c2e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 1724548 b570f989ae99b4b9d380c1078628b5fe\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 2796746 d723644351e8bc28efb8cd6aad4ab4ff\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6450038 2268c573218e176cb6fc7e7ca85f01a2\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009-5ubuntu0.1.diff.gz\r\n Size/MD5: 57878 49fe58e3077e23c178b5582cbbef48b4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009-5ubuntu0.1.dsc\r\n Size/MD5: 1504 15db436e0f5230b811304c9271766a72\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009.orig.tar.gz\r\n Size/MD5: 51837345 71e96632cff062dd8d9e4aa4973c2d8e\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 176952 398d7696f52e07f9cf30f434e90d1542\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 133308 d6a7b2bf463f52efc6534a11f9d76613\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 8072588 91f8a29153b18eded17d91011557901a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 169134 e830e2a965117ca001588630bcc58a2d\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 129520 4c61c76d596df4cb659aa80cbc2520fb\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 7438860 9f7e5f31da6d7fec3d60ebe363c797e0\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 178184 d6f96d0aeff12315b26a795ce5a7b780\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 134874 b272fee16f29d5313a8e72826b67db0c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 8317828 6e8d0e13b31c3527ba7c3f592fe9074d\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 173162 1b9f36e89af28691f4cded591d98185d\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 131604 52775233b790ce1648770202f6ca6a8a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 8162802 c1c70e46ce659cbcd4150b299eee618f\r\n\r\n\r\n", "edition": 1, "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:DOC:23813", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23813", "title": "[USN-937-1] TeX Live vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0829"], "description": "===========================================================\r\nUbuntu Security Notice USN-936-1 May 06, 2010\r\ndvipng vulnerability\r\nCVE-2010-0829\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 9.04:\r\n dvipng 1.11-1ubuntu0.9.04.1\r\n\r\nUbuntu 9.10:\r\n dvipng 1.11-1ubuntu0.9.10.1\r\n\r\nUbuntu 10.04 LTS:\r\n dvipng 1.12-3ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nDan Rosenberg discovered that dvipng incorrectly handled certain malformed\r\ndvi files. If a user or automated system were tricked into processing a\r\nspecially crafted dvi file, an attacker could cause a denial of service via\r\napplication crash, or possibly execute arbitrary code with the privileges\r\nof the user invoking the program.\r\n\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.diff.gz\r\n Size/MD5: 5637 dabdea489ab5eb30b69d29a32b25a8d3\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.dsc\r\n Size/MD5: 1359 639e1723ccc0ff923d3172d43bc62d41\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz\r\n Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_amd64.deb\r\n Size/MD5: 81990 37a793d70ba97eb31c2905b1ccc5022e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_i386.deb\r\n Size/MD5: 78506 49d6f36271ae60ef9de6d51c64758c12\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_lpia.deb\r\n Size/MD5: 78906 ed6c1393fbab607bc0a74823a771f438\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_powerpc.deb\r\n Size/MD5: 86220 048fecd5ab09ad94bc6478bcb32d6d8a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_sparc.deb\r\n Size/MD5: 80010 a4b43b1a6213ecc7355ab2956459c87b\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.diff.gz\r\n Size/MD5: 5641 3dafdf50218a6269ef6fddcc0a21e6f8\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.dsc\r\n Size/MD5: 1359 1023698785011a4d5ea940e4a88dbb50\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz\r\n Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_amd64.deb\r\n Size/MD5: 82752 e6bcc7f9620e5e41db0358fb83b5aa0a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_i386.deb\r\n Size/MD5: 77646 0f0464056a785b77388bec0f4b6999ef\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_lpia.deb\r\n Size/MD5: 77802 3953c9bc7c276e9e9796f9beaa6c809a\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_powerpc.deb\r\n Size/MD5: 85848 1ad664271069cfc80ddfea5d79f54910\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_sparc.deb\r\n Size/MD5: 82060 e7d8269582cd2e0e0616a84199cc5f62\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.diff.gz\r\n Size/MD5: 5701 a4a8c25123f44e6f975775b651a851ad\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.dsc\r\n Size/MD5: 1285 3fad39f6fd7c4354e2197a28d799222c\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.tar.gz\r\n Size/MD5: 168196 0925fb516cdf6b2207138781a4b3076e\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_amd64.deb\r\n Size/MD5: 90440 21750b0a43906006e18fb0a57cbb861b\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_i386.deb\r\n Size/MD5: 85282 b229656ab335dc77d682b195e3021e06\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_powerpc.deb\r\n Size/MD5: 93626 c5d5b932dddb9b78c90c87478c14878c\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc.deb\r\n Size/MD5: 91402 fc79245fa0cbc7719c7dd9b28776af09\r\n\r\n\r\n", "edition": 1, "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:DOC:23812", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23812", "title": "[USN-936-1] dvipng vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:03:45", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_0_TEXLIVE-100503.NASL", "href": "https://www.tenable.com/plugins/nessus/46340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46340);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-arab-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-bin-2007-176.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-cjk-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-context-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-devel-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-dvilj-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-jadetex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-latex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-metapost-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-musictex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-nfs-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-omega-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-ppower4-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-tex4ht-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-tools-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-xetex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-xmltex-2007-177.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:05:09", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_1_TEXLIVE-100503.NASL", "href": "https://www.tenable.com/plugins/nessus/46342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46342);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-arab-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-bin-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-cjk-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-context-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-devel-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-dvilj-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-jadetex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-latex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-metapost-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-musictex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-nfs-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-omega-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-ppower4-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-tex4ht-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-tools-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-xetex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-xmltex-2007-219.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:06:41", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_2_TEXLIVE-100504.NASL", "href": "https://www.tenable.com/plugins/nessus/46344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46344);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-arab-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-bin-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-cjk-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-context-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-devel-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-dvilj-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-jadetex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-latex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-metapost-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-musictex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-nfs-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-omega-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-ppower4-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-tex4ht-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-tools-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-xetex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-xmltex-2008-13.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:47:12", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.", "edition": 23, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : TeX (ZYPP Patch Number 7020)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TE_AMS-7020.NASL", "href": "https://www.tenable.com/plugins/nessus/51761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51761);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"SuSE 10 Security Update : TeX (ZYPP Patch Number 7020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7020.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_ams-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_cont-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_dvilj-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_eplai-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_kpath-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_latex-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_mpost-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_omega-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_ptex-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_web-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"tetex-3.0-37.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:13:55", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : TeX (SAT Patch Number 2393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:texlive-latex", "p-cpe:/a:novell:suse_linux:11:texlive-jadetex", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:texlive-tools", "p-cpe:/a:novell:suse_linux:11:texlive", "p-cpe:/a:novell:suse_linux:11:texlive-cjk"], "id": "SUSE_11_TEXLIVE-100504.NASL", "href": "https://www.tenable.com/plugins/nessus/50963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50963);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"SuSE 11 Security Update : TeX (SAT Patch Number 2393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2393.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-cjk-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-jadetex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-latex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-tools-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-cjk-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-jadetex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-latex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-tools-2007-219.32.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:52", "description": "Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : texlive-2007-47.fc11 (2010-8273)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0739"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:texlive", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-8273.NASL", "href": "https://www.tenable.com/plugins/nessus/47481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8273.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47481);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\");\n script_bugtraq_id(34332, 39500);\n script_xref(name:\"FEDORA\", value:\"2010-8273\");\n\n script_name(english:\"Fedora 11 : texlive-2007-47.fc11 (2010-8273)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=586819\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?806d8474\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"texlive-2007-47.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:52", "description": "Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : texlive-2007-48.fc12 (2010-8242)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0739"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:texlive", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-8242.NASL", "href": "https://www.tenable.com/plugins/nessus/47479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8242.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47479);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\");\n script_bugtraq_id(39500);\n script_xref(name:\"FEDORA\", value:\"2010-8242\");\n\n script_name(english:\"Fedora 12 : texlive-2007-48.fc12 (2010-8242)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=586819\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d91fe83\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"texlive-2007-48.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:53", "description": "Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 13 : texlive-2007-51.fc13 (2010-8314)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0739"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:texlive", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-8314.NASL", "href": "https://www.tenable.com/plugins/nessus/47485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8314.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47485);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\");\n script_bugtraq_id(39500);\n script_xref(name:\"FEDORA\", value:\"2010-8314\");\n\n script_name(english:\"Fedora 13 : texlive-2007-51.fc13 (2010-8314)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in this update: * fixes for CVE-2010-0739 and CVE-2010-1440 *\nadds missing defattr to filelists * fixes directory ownership of\n/var/lib/texmf/web2c * uses official tarball for jpatch * fixes\npost/postun scriptlets\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=586819\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0f14093\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"texlive-2007-51.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:40", "description": "Multiple vulnerabilities has been discovered and fixed in tetex :\n\nBuffer overflow in BibTeX 0.99 allows context-dependent attackers to\ncause a denial of service (memory corruption and crash) via a long\n.bib bibliography file (CVE-2009-1284).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX,\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted virtual font\n(VF) file associated with a DVI file (CVE-2010-0827).\n\nMultiple array index errors in set.c in dvipng 1.11 and 1.12, and\nteTeX, allow remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a malformed\nDVI file (CVE-2010-0829).\n\nInteger overflow in the predospecial function in dospecial.c in dvips\nin (1) TeX Live and (2) teTeX might allow user-assisted remote\nattackers to execute arbitrary code via a crafted DVI file that\ntriggers a heap-based buffer overflow. NOTE: some of these details are\nobtained from third-party information (CVE-2010-0739).\n\nMultiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n2009 and earlier, and teTeX, allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na special command in a DVI file, related to the (1) predospecial and\n(2) bbdospecial functions, a different vulnerability than\nCVE-2010-0739 (CVE-2010-1440).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe corrected packages solves these problems.", "edition": 26, "published": "2010-05-13T00:00:00", "title": "Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "modified": "2010-05-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tetex-dvips", "p-cpe:/a:mandriva:linux:jadetex", "p-cpe:/a:mandriva:linux:tetex-afm", "p-cpe:/a:mandriva:linux:xmltex", "p-cpe:/a:mandriva:linux:tetex", "p-cpe:/a:mandriva:linux:tetex-usrlocal", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:tetex-context", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:tetex-texi2html", "p-cpe:/a:mandriva:linux:tetex-xdvi", "p-cpe:/a:mandriva:linux:tetex-mfwin", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:tetex-devel", "p-cpe:/a:mandriva:linux:tetex-dvilj", "p-cpe:/a:mandriva:linux:tetex-dvipdfm", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:tetex-doc", "p-cpe:/a:mandriva:linux:tetex-latex"], "id": "MANDRIVA_MDVSA-2010-094.NASL", "href": "https://www.tenable.com/plugins/nessus/46330", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:094. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46330);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-1284\",\n \"CVE-2009-3608\",\n \"CVE-2010-0739\",\n \"CVE-2010-0827\",\n \"CVE-2010-0829\",\n \"CVE-2010-1440\"\n );\n script_bugtraq_id(\n 34332,\n 36703,\n 39500,\n 39966,\n 39969\n );\n script_xref(name:\"MDVSA\", value:\"2010:094\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and fixed in tetex :\n\nBuffer overflow in BibTeX 0.99 allows context-dependent attackers to\ncause a denial of service (memory corruption and crash) via a long\n.bib bibliography file (CVE-2009-1284).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX,\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted virtual font\n(VF) file associated with a DVI file (CVE-2010-0827).\n\nMultiple array index errors in set.c in dvipng 1.11 and 1.12, and\nteTeX, allow remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a malformed\nDVI file (CVE-2010-0829).\n\nInteger overflow in the predospecial function in dospecial.c in dvips\nin (1) TeX Live and (2) teTeX might allow user-assisted remote\nattackers to execute arbitrary code via a crafted DVI file that\ntriggers a heap-based buffer overflow. NOTE: some of these details are\nobtained from third-party information (CVE-2010-0739).\n\nMultiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n2009 and earlier, and teTeX, allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na special command in a DVI file, related to the (1) predospecial and\n(2) bbdospecial functions, a different vulnerability than\nCVE-2010-0739 (CVE-2010-1440).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe corrected packages solves these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvipdfm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-mfwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-texi2html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-usrlocal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"jadetex-3.12-136.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-afm-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-context-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-devel-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-doc-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvilj-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvipdfm-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvips-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-latex-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-mfwin-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-texi2html-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-usrlocal-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-xdvi-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xmltex-1.9-84.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"jadetex-3.12-145.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-afm-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-context-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-devel-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-doc-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvilj-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvipdfm-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvips-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-latex-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-mfwin-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-texi2html-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-usrlocal-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-xdvi-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xmltex-1.9-93.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"jadetex-3.12-146.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-afm-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-context-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-devel-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-doc-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvilj-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvipdfm-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvips-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-latex-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-mfwin-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-texi2html-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-usrlocal-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-xdvi-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"xmltex-1.9-94.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"jadetex-3.12-147.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-afm-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-context-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-devel-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-doc-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvilj-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvipdfm-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvips-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-latex-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-mfwin-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-texi2html-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-usrlocal-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-xdvi-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"xmltex-1.9-95.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:54:22", "description": "The remote host is affected by the vulnerability described in GLSA-201206-28\n(TeX Live: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in texlive-core. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities might allow user-assisted remote attackers to\n execute arbitrary code via a specially crafted DVI file, or cause a\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-26T00:00:00", "title": "GLSA-201206-28 : TeX Live: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:texlive-core", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-28.NASL", "href": "https://www.tenable.com/plugins/nessus/59701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-28.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59701);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_bugtraq_id(34332, 39500, 39966, 39971);\n script_xref(name:\"GLSA\", value:\"201206-28\");\n\n script_name(english:\"GLSA-201206-28 : TeX Live: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-28\n(TeX Live: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in texlive-core. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities might allow user-assisted remote attackers to\n execute arbitrary code via a specially crafted DVI file, or cause a\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All texlive-core users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/texlive-core-2009-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:texlive-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/texlive-core\", unaffected:make_list(\"ge 2009-r2\"), vulnerable:make_list(\"lt 2009-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"TeX Live\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:30:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "It was discovered that TeX Live incorrectly handled certain long .bib \nbibliography files. If a user or automated system were tricked into \nprocessing a specially crafted bib file, an attacker could cause a denial \nof service via application crash. This issue only affected Ubuntu 8.04 LTS, \n9.04 and 9.10. (CVE-2009-1284)\n\nMarc Schoenefeld, Karel \u0160rot and Ludwig Nussel discovered that TeX Live \nincorrectly handled certain malformed dvi files. If a user or automated \nsystem were tricked into processing a specially crafted dvi file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram. (CVE-2010-0739, CVE-2010-1440)\n\nDan Rosenberg discovered that TeX Live incorrectly handled certain \nmalformed dvi files. If a user or automated system were tricked into \nprocessing a specially crafted dvi file, an attacker could cause a denial \nof service via application crash, or possibly execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2010-0827)", "edition": 68, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "USN-937-1", "href": "https://ubuntu.com/security/notices/USN-937-1", "title": "TeX Live vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:31:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0829"], "description": "Dan Rosenberg discovered that dvipng incorrectly handled certain malformed \ndvi files. If a user or automated system were tricked into processing a \nspecially crafted dvi file, an attacker could cause a denial of service via \napplication crash, or possibly execute arbitrary code with the privileges \nof the user invoking the program.", "edition": 5, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "USN-936-1", "href": "https://ubuntu.com/security/notices/USN-936-1", "title": "dvipng vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "edition": 1, "description": "### Background\n\nTeX Live is a complete TeX distribution.\n\n### Description\n\nMultiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a specially-crafted DVI file, or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll texlive-core users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/texlive-core-2009-r2\"", "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "GLSA-201206-28", "href": "https://security.gentoo.org/glsa/201206-28", "type": "gentoo", "title": "TeX Live: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "edition": 1, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:11:51", "description": "BUGTRAQ ID: 39966\r\nCVE(CAN) ID: CVE-2010-1440\r\n\r\nTeX Live\u662f\u7528\u4e8e\u521b\u5efaTeX\u6392\u7248\u7cfb\u7edf\u7684\u5de5\u5177\u3002\r\n\r\nTeX Live\u7684dospecial.c\u6587\u4ef6\u4e2d\u7684bbdospecial()\u51fd\u6570\u4e2d\u5b58\u5728\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7578\u5f62\u7684.dvi\u6587\u4ef6\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nTeX Live 2009\r\nTeX Live 2008\r\nTeX Live 2007\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0401-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0401-01\uff1aModerate: tetex security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0401.html\r\n\r\nUbuntu\r\n------\r\nUbuntu\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08USN-937-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nUSN-937-1\uff1atexlive-bin vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://www.ubuntu.com/usn/USN-937-1\r\n\r\nTeX Live\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.tug.org/svn/texlive?view=revision&revision=18095", "published": "2010-05-12T00:00:00", "type": "seebug", "title": "Tex Live bbdospecial()\u51fd\u6570\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1440"], "modified": "2010-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19595", "id": "SSV:19595", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:11:55", "description": "BUGTRAQ ID: 39969\r\nCVE(CAN) ID: CVE-2010-0829\r\n\r\ndvipng\u662fTeX Live\u6240\u4f7f\u7528\u7684\u4eceDVI\u6587\u4ef6\u751f\u6210PNG\u6216GIF\u56fe\u5f62\u7684\u5de5\u5177\u3002\r\n \r\ndvipng\u5de5\u5177\u4e2d\u5b58\u5728\u591a\u4e2a\u6570\u7ec4\u7d22\u5f15\u9519\u8bef\u3002\u5728texlive-bin-2007.dfsg.2/build/source/texk/dvipng /draw.c\u6587\u4ef6\u4e2d\uff0cSetChar()\u51fd\u6570\u4f7f\u7528\u4e86\u53d7dvi\u6587\u4ef6\u7684\u521b\u5efa\u8005\u63a7\u5236\u7684\u7d22\u5f15\u5e76\u5c06\u5176\u7d22\u5f15\u5230\u4e86\u6570\u7ec4\u4e2d\u3002\u5982\u679c\u8d8a\u8fc7\u4e86\u6570\u7ec4\u7684\u8fb9\u754c\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u4ee5\u8bbe\u7f6e\u6307\u5411\u4efb\u610f\u503c\u7684\u6307\u9488\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\ntexlive-bin-2007.dfsg.2/build/source/texk/dvipng/vf.c\u6587\u4ef6\u4e2d\u7684SetVF()\u51fd\u6570\u548cset.c \u6587\u4ef6\u4e2d\u7684SetGlyph()\u51fd\u6570\u4e5f\u5b58\u5728\u7c7b\u4f3c\u7684\u95ee\u9898\u3002\n\nJan-Ake Larsson dvipng 1.12\r\nJan-Ake Larsson dvipng 1.11\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0400-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0400-01\uff1aModerate: tetex security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0400.html\r\n\r\nUbuntu\r\n------\r\nUbuntu\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08USN-936-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nUSN-936-1\uff1advipng vulnerability\r\n\u94fe\u63a5\uff1ahttp://www.ubuntu.com/usn/USN-936-1", "published": "2010-05-12T00:00:00", "type": "seebug", "title": "Tex Live dvipng\u5de5\u5177\u6570\u7ec4\u7d22\u5f15\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0829"], "modified": "2010-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19596", "id": "SSV:19596", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:12:10", "description": "BUGTRAQ ID: 39500\r\nCVE(CAN) ID: CVE-2010-0739\r\n\r\nTeX Live\u662f\u7528\u4e8e\u521b\u5efaTeX\u6392\u7248\u7cfb\u7edf\u7684\u5de5\u5177\u3002\r\n\r\nTeX Live\u7684dospecial.c\u6587\u4ef6\u4e2d\u7684predospecial()\u51fd\u6570\u5728\u5904\u7406.dvi\u6587\u4ef6\u65f6\u5b58\u5728\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7578\u5f62\u7684.dvi\u6587\u4ef6\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u4ee5\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u7528\u6237\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nTeX Live 3.0\r\nTeX Live 2008\r\nTeX Live 2007\r\nTeX Live 2.0\r\nTeX Live 1.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0401-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0401-01\uff1aModerate: tetex security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0401.html\r\n\r\nUbuntu\r\n------\r\nUbuntu\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08USN-937-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nUSN-937-1\uff1atexlive-bin vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://www.ubuntu.com/usn/USN-937-1\r\n\r\nTeX Live\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch", "published": "2010-05-12T00:00:00", "type": "seebug", "title": "TeX Live predospecial()\u51fd\u6570.dvi\u6587\u4ef6\u89e3\u6790\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0739"], "modified": "2010-05-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19597", "id": "SSV:19597", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T01:09:26", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0829"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2048-1 security@debian.org\nhttp://www.debian.org/security/ S\u00e9bastien Delafond\nMay 22, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : dvipng\nVulnerability : buffer overflow\nProblem type : remote (local)\nDebian-specific: no\nCVE Id : CVE-2010-0829\nDebian Bug : 580628\n\nDan Rosenberg discovered that in dvipng, a utility that converts DVI\nfiles to PNG graphics, several array index errors allow context-dependent\nattackers, via a specially crafted DVI file, to cause a denial of\nservice (crash of the application), and possibly arbitrary code \nexecution.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion dvipng_1.11-1+lenny1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 1.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.13-1.\n\nWe recommend that you upgrade your dvipng package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1.dsc\n Size/MD5 checksum: 1247 5fd57a58d4a2ad2f181b40d62a82209b\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11.orig.tar.gz\n Size/MD5 checksum: 167331 6afa95aec70e4c5934268cff0443f89c\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1.diff.gz\n Size/MD5 checksum: 5339 2571009cb2724cfe45b5fe94db251f0b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_alpha.deb\n Size/MD5 checksum: 93636 16b8ca63a96aecc12bd6e309c6a608f8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_amd64.deb\n Size/MD5 checksum: 87770 b07729747b5dcb1c933d97d1f94e90cc\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_arm.deb\n Size/MD5 checksum: 85636 cc66a026f0689c667950fefa2eb29769\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_armel.deb\n Size/MD5 checksum: 89092 3e96d086253f9f7fa56bb9ede4796ece\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_hppa.deb\n Size/MD5 checksum: 92524 4f81645ecf4c52b1d7f7fc60c03db55d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_i386.deb\n Size/MD5 checksum: 84348 d4566ba776a65898e062fc236439dbef\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_ia64.deb\n Size/MD5 checksum: 117128 03e4493aaa27aec9dd91794155259d2f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_mipsel.deb\n Size/MD5 checksum: 90266 ce828f225b7a34dd9ad28cf42fef53cf\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_s390.deb\n Size/MD5 checksum: 90216 18cab555f94d090eb7bfdfe53afbbf6c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_sparc.deb\n Size/MD5 checksum: 85972 bfcdd63e7dfb2d87a0c4e15719d01a9c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 6, "modified": "2010-05-23T17:46:36", "published": "2010-05-23T17:46:36", "id": "DEBIAN:DSA-2048-1:88701", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00091.html", "title": "[SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5935", "CVE-2009-0791", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-05-26T04:26:18", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0401", "href": "https://access.redhat.com/errata/RHSA-2010:0401", "type": "redhat", "title": "(RHSA-2010:0401) Moderate: tetex security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0791", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-3608", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI files\ninto the Portable Network Graphics (PNG) format. An attacker could create a\nmalicious DVI file that would cause the dvipng executable to crash.\n(CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia\nResearch, and Chris Rohlf, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:49:27", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0400", "href": "https://access.redhat.com/errata/RHSA-2010:0400", "type": "redhat", "title": "(RHSA-2010:0400) Moderate: tetex security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5935", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0791", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, and Alin Rad Pop of Secunia\nResearch, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:58:52", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0399", "href": "https://access.redhat.com/errata/RHSA-2010:0399", "type": "redhat", "title": "(RHSA-2010:0399) Moderate: tetex security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0791", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-3609", "CVE-2010-0739", "CVE-2007-5935"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0401\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028671.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028672.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0401.html", "edition": 4, "modified": "2010-05-07T22:13:32", "published": "2010-05-07T22:13:10", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028671.html", "id": "CESA-2010:0401", "title": "tetex security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0400\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI files\ninto the Portable Network Graphics (PNG) format. An attacker could create a\nmalicious DVI file that would cause the dvipng executable to crash.\n(CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia\nResearch, and Chris Rohlf, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028699.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028700.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0400.html", "edition": 3, "modified": "2010-05-28T10:47:02", "published": "2010-05-28T10:47:02", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028699.html", "id": "CESA-2010:0400", "title": "tetex security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0399\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, and Alin Rad Pop of Secunia\nResearch, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028673.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028674.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0399.html", "edition": 4, "modified": "2010-05-07T22:21:54", "published": "2010-05-07T22:21:31", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028673.html", "id": "CESA-2010:0399", "title": "tetex security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0791", "CVE-2007-5936", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-3609", "CVE-2010-0739", "CVE-2007-5937", "CVE-2007-5935"], "description": "[1.0.7-67.19]\n- apply patch for CVE-2007-5935 in proper location\n[1.0.7-67.18]\n- add overflow check for CVE-2009-0791\n- unify pacthes for 2010-0739 and CVE-2010-1440\n[1.0.7-67.17]\n- fix version typos in the last changelog entries\n[1.0.7-67.16]\n- include limits.h for INT_MAX\n[1.0.7-67.15]\n- fix CVE-2009-0791 patch, xpdf in this old version doesn't know\n anything about GMEM_EXCEP\n[1.0.7-67.14]\n- add another hunk to CVE-2010-0827 patch to fix tfmload.c as well\n (https://bugzilla.redhat.com/show_bug.cgi?id=577322#c3)\n[1.0.7-67.13]\n- fix virtual fonts patch, CVE-2010-0827\n (https://bugzilla.redhat.com/show_bug.cgi?id=572914#c11)\n[1.0.7-67.12]\n- fix CVE-2007-5935 CVE-2007-5936 CVE-2007-5937 CVE-2009-0791 CVE-2009-3609\nCVE-2010-0739 CVE-2010-0827\nResolves: #577309", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0401", "href": "http://linux.oracle.com/errata/ELSA-2010-0401.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2007-5936", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5937", "CVE-2009-1179"], "description": "[3.0-33.8.el5.5]\n- unify patches for CVE-2010-0739 and CVE-2010-1440\n[3.0-33.8.el5.4]\n- fix CVE-2010-1440 (#586819)\n[3.0-33.8.el5.3]\n- initialize data in arithmetic coder elsewhere (CVE-2009-0146)\n[3.0-33.8.el5.2]\n- initialize dataLen to properly fix CVE-2009-0146\n[3.0-33.8.el5.1]\n- fix CVE-2010-0739 CVE-2010-0829 CVE-2007-5936 CVE-2007-5937\nCVE-2009-0146 CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799\nCVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182\nCVE-2009-1183 CVE-2009-0791 CVE-2009-3608 CVE-2009-3609\nResolves: #577328 ", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0400", "href": "http://linux.oracle.com/errata/ELSA-2010-0400.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2007-5936", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5937", "CVE-2007-5935", "CVE-2009-1179"], "description": "[2.0.2-22.EL4.16]\n- fix last changelog entry\n[2.0.2-22.EL4.15]\n- unify patches for CVE-2010-0739 and CVE-2010-1440\n[2.0.2-22.EL4.14]\n- add missing check in the first hunk in Stream.cc for CVE-2009-0791\n[2.0.2-22.EL4.13]\n- add another hunk to CVE-2010-0827 patch to fix tfmload.c as well\n (https://bugzilla.redhat.com/show_bug.cgi?id=577322#c3)\n[2.0.2-22.0.1.EL4.12]\n- fix SELinux contexts after install\n[2.0.2-22.0.1.EL4.11]\n- fix CVE-2010-0827 CVE-2010-0739 CVE-2007-5935 CVE-2007-5936 CVE-2007-5937\nCVE-2009-0146 CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799\nCVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182\nCVE-2009-1183 CVE-2009-0791 CVE-2009-3609\nResolves: #577322", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0399", "href": "http://linux.oracle.com/errata/ELSA-2010-0399.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
