DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310863374", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for libpng10 FEDORA-2011-8844", "description": "The remote host is missing an update for the ", "published": "2011-07-27T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863374", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2011-8844", "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html"], "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "immutableFields": [], "lastseen": "2019-05-29T18:39:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:1103", "CESA-2011:1104"]}, {"type": "cert", "idList": ["VU:236656", "VU:286464", "VU:388984", "VU:477512", "VU:819894"]}, {"type": "cve", "idList": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2287-1:5F4DA", "DEBIAN:DSA-498-1:A2156", "DEBIAN:DSA-498-1:EC484"]}, {"type": "fedora", "idList": ["FEDORA:0EE21110EC4", "FEDORA:29B4E212B4", "FEDORA:2AA29110BC2", "FEDORA:335ED20E91", "FEDORA:40D5120B25", "FEDORA:42F6A21536", "FEDORA:493A6110E46", "FEDORA:4B73A20DD6", "FEDORA:859CD111310", "FEDORA:896DC21C43", "FEDORA:8B053110D38", "FEDORA:B9B2311090D", "FEDORA:D57F3110D31", "FEDORA:F316A1106C5"]}, {"type": "freebsd", "idList": ["3A408F6F-9C52-11D8-9366-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-200405-06", "GLSA-201206-15"]}, {"type": "ibm", "idList": ["231E423B28752DD6263DBEC8D8F06E8A6EC0C4DA14543D958731A02C8193E5EE"]}, {"type": "nessus", "idList": ["6039.PRM", "CENTOS_RHSA-2011-1103.NASL", "CENTOS_RHSA-2011-1104.NASL", "DEBIAN_DSA-2287.NASL", "DEBIAN_DSA-498.NASL", "EULEROS_SA-2019-1421.NASL", "FEDORA_2004-105.NASL", "FEDORA_2004-106.NASL", "FEDORA_2011-10928.NASL", "FEDORA_2011-10954.NASL", "FEDORA_2011-8844.NASL", "FEDORA_2011-8867.NASL", "FEDORA_2011-8868.NASL", "FEDORA_2011-8874.NASL", "FEDORA_2011-9336.NASL", "FEDORA_2011-9343.NASL", "FREEBSD_LIBPNG.NASL", "FREEBSD_PKG_3A408F6F9C5211D893660020ED76EF5A.NASL", "GENTOO_GLSA-200405-06.NASL", "GENTOO_GLSA-201206-15.NASL", "MACOSX_10_7_2.NASL", "MACOSX_SECUPD20040809.NASL", "MACOSX_SECUPD2011-006.NASL", "MACOSX_SECUPD2012-002.NASL", "MACOSX_VERSION.NASL", "MANDRAKE_MDKSA-2004-040.NASL", "MANDRAKE_MDKSA-2006-212.NASL", "MANDRAKE_MDKSA-2006-213.NASL", "MANDRIVA_MDVSA-2011-151.NASL", "ORACLELINUX_ELSA-2011-1103.NASL", "ORACLELINUX_ELSA-2011-1104.NASL", "ORACLELINUX_ELSA-2011-1105.NASL", "REDHAT-RHSA-2004-180.NASL", "REDHAT-RHSA-2011-1103.NASL", "REDHAT-RHSA-2011-1104.NASL", "REDHAT-RHSA-2011-1105.NASL", "SLACKWARE_SSA_2004-124-04.NASL", "SLACKWARE_SSA_2011-210-01.NASL", "SL_20110728_LIBPNG_ON_SL4_X.NASL", "SL_20110728_LIBPNG_ON_SL5_X.NASL", "SL_20110728_LIBPNG_ON_SL6_X.NASL", "SUSE9_12815.NASL", "SUSE_11_3_LIBPNG12-110802.NASL", "SUSE_11_3_LIBPNG14-110802.NASL", "SUSE_11_4_LIBPNG12-110802.NASL", "SUSE_11_4_LIBPNG14-110802.NASL", "SUSE_11_LIBPNG-DEVEL-110802.NASL", "SUSE_LIBPNG-7669.NASL", "SUSE_LIBPNG-7670.NASL", "UBUNTU_USN-1175-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122114", "OPENVAS:1361412562310122124", "OPENVAS:136141256231053936", "OPENVAS:136141256231070060", "OPENVAS:136141256231071582", "OPENVAS:136141256231071955", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310802794", "OPENVAS:1361412562310831474", "OPENVAS:1361412562310840714", "OPENVAS:1361412562310863361", "OPENVAS:1361412562310863364", "OPENVAS:1361412562310863367", "OPENVAS:1361412562310863372", "OPENVAS:1361412562310863389", "OPENVAS:1361412562310863465", "OPENVAS:1361412562310863468", "OPENVAS:1361412562310863755", "OPENVAS:1361412562310863758", "OPENVAS:1361412562310863981", "OPENVAS:1361412562310864125", "OPENVAS:1361412562310864136", "OPENVAS:1361412562310864175", "OPENVAS:1361412562310870460", "OPENVAS:1361412562310870461", "OPENVAS:1361412562310870603", "OPENVAS:1361412562310880957", "OPENVAS:1361412562310880989", "OPENVAS:1361412562310881259", "OPENVAS:1361412562310881382", "OPENVAS:1361412562311220191421", "OPENVAS:52428", "OPENVAS:53188", "OPENVAS:53936", "OPENVAS:54566", "OPENVAS:70060", "OPENVAS:71582", "OPENVAS:71955", "OPENVAS:802336", "OPENVAS:802794", "OPENVAS:831474", "OPENVAS:840714", "OPENVAS:863361", "OPENVAS:863364", "OPENVAS:863367", "OPENVAS:863372", "OPENVAS:863374", "OPENVAS:863389", "OPENVAS:863465", "OPENVAS:863468", "OPENVAS:863755", "OPENVAS:863758", "OPENVAS:863981", "OPENVAS:864125", "OPENVAS:864136", "OPENVAS:864175", "OPENVAS:870460", "OPENVAS:870461", "OPENVAS:870603", "OPENVAS:880957", "OPENVAS:880989", "OPENVAS:881259", "OPENVAS:881382"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1103", "ELSA-2011-1104", "ELSA-2011-1105"]}, {"type": "osv", "idList": ["OSV:DSA-2287-1", "OSV:DSA-498"]}, {"type": "redhat", "idList": ["RHSA-2004:180", "RHSA-2011:1103", "RHSA-2011:1104", "RHSA-2011:1105"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15126", "SECURITYVULNS:DOC:15127", "SECURITYVULNS:DOC:26714", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:28164", "SECURITYVULNS:DOC:6146", "SECURITYVULNS:VULN:11816", "SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:12425", "SECURITYVULNS:VULN:12518"]}, {"type": "slackware", "idList": ["SSA-2004-124-04", "SSA-2011-210-01"]}, {"type": "ubuntu", "idList": ["USN-1175-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2004-0421", "UB:CVE-2011-2501", "UB:CVE-2011-2690", "UB:CVE-2011-2691", "UB:CVE-2011-2692"]}, {"type": "veracode", "idList": ["VERACODE:24739", "VERACODE:24740", "VERACODE:24741"]}]}, "score": {"value": -0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:1103", "CESA-2011:1104"]}, {"type": "cert", "idList": ["VU:819894"]}, {"type": "cve", "idList": ["CVE-2004-0421"]}, {"type": "debian", "idList": ["DEBIAN:DSA-498-1:EC484"]}, {"type": "fedora", "idList": ["FEDORA:8B053110D38"]}, {"type": "freebsd", "idList": ["3A408F6F-9C52-11D8-9366-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-201206-15"]}, {"type": "nessus", "idList": ["SL_20110728_LIBPNG_ON_SL5_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070060", "OPENVAS:840714", "OPENVAS:863374", "OPENVAS:863389"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1103", "ELSA-2011-1104", "ELSA-2011-1105"]}, {"type": "redhat", "idList": ["RHSA-2011:1103", "RHSA-2011:1104", "RHSA-2011:1105"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27155"]}, {"type": "ubuntu", "idList": ["USN-1175-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2692"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2004-0421", "epss": "0.014680000", "percentile": "0.847000000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2501", "epss": "0.004890000", "percentile": "0.723910000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2691", "epss": "0.012080000", "percentile": "0.830910000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2692", "epss": "0.022870000", "percentile": "0.879340000", "modified": "2023-03-15"}, {"cve": "CVE-2011-2690", "epss": "0.008080000", "percentile": "0.791170000", "modified": "2023-03-15"}], "vulnersScore": -0.4}, "_state": {"dependencies": 1678916735, "score": 1683994806, "epss": 1678936357}, "_internal": {"score_hash": "869f89be801dd9e6315beb91e547c3da"}, "pluginID": "1361412562310863374", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2011-8844\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863374\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8844\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2691\");\n script_name(\"Fedora Update for libpng10 FEDORA-2011-8844\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.55~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-23T02:05:12", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng10-1.0.55-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2011-07-23T02:05:12", "id": "FEDORA:859CD111310", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5OAA6BGEG75F3LLQPJQLUF4BT5IRAUZG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-31T03:39:29", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libpng-1.2.46-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2011-07-31T03:39:29", "id": "FEDORA:2AA29110BC2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K3NO2NS7RHNMUKZOQGGLQP5DA6RHGILX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-23T01:56:18", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libpng10-1.0.55-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2011-07-23T01:56:18", "id": "FEDORA:D57F3110D31", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWDS4WHSQ2OYHKYLVYXIQCD33MZSK4C6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-18T22:38:24", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng-1.2.46-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2011-07-18T22:38:24", "id": "FEDORA:B9B2311090D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2IFMNPJR7O5GI3WZ7PJT3LURNGCK3VOC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-02-28T09:59:31", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng10-1.0.57-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692", "CVE-2011-3026"], "modified": "2012-02-28T09:59:31", "id": "FEDORA:42F6A21536", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BL73JNWVFXFF32TISVKQZXMQS6UQQG6Z/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-02-28T09:53:50", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng-1.2.46-2.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026"], "modified": "2012-02-28T09:53:50", "id": "FEDORA:29B4E212B4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7FK454IINL2CVSRR624RTKEPVFAEB2RM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "MinGW Windows Libpng library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-08-26T18:56:16", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw32-libpng-1.4.8-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2011-08-26T18:56:16", "id": "FEDORA:F316A1106C5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LFPY2XGDXAQLDO3ZUG3KCSKKUOZR6K2P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "MinGW Windows Libpng library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-08-26T19:00:14", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: mingw32-libpng-1.4.8-1.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2011-08-26T19:00:14", "id": "FEDORA:0EE21110EC4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQR5VSYBHY24FAXPHQ4JZJMRW66X5WV6/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-03-19T03:25:45", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng10-1.0.58-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045"], "modified": "2012-03-19T03:25:45", "id": "FEDORA:335ED20E91", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OU3YTA75BPPJYPDUBL2O3IHT7HW5QYKI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-03-31T03:24:05", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng-1.2.48-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045"], "modified": "2012-03-31T03:24:05", "id": "FEDORA:896DC21C43", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WMJ5DWR6MJ52AWVWEAMQLVNIRES2XDNF/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "MinGW Windows Libpng library. ", "cvss3": {}, "published": "2011-07-16T07:35:14", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw32-libpng-1.4.3-3.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2011-07-16T07:35:14", "id": "FEDORA:493A6110E46", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WGWBG4S4IMPDRGUY7MC227R4TB6ONWX5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "MinGW Windows Libpng library. ", "cvss3": {}, "published": "2011-07-16T07:29:14", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: mingw32-libpng-1.4.3-2.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2011-07-16T07:29:14", "id": "FEDORA:8B053110D38", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XDJFSV3F57Z4XBP2JCKSGJBE7GBHJRF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-04-08T03:28:41", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng10-1.0.59-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045", "CVE-2011-3048"], "modified": "2012-04-08T03:28:41", "id": "FEDORA:4B73A20DD6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PXDGLOSG6JOWSLYPAWCLXEJCW2VEDDNW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-04-24T14:56:12", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libpng-1.2.49-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045", "CVE-2011-3048"], "modified": "2012-04-24T14:56:12", "id": "FEDORA:40D5120B25", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KLVPNDJFLWEQEKELWSEUMAQ33N5RIWI7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2011-8867", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2011-8867\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062934.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863372\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8867\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Fedora Update for libpng10 FEDORA-2011-8867\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.55~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Mandriva Update for libpng MDVSA-2011:151 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libpng MDVSA-2011:151 (libpng)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831474\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:151\");\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Mandriva Update for libpng MDVSA-2011:151 (libpng)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libpng on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in libpng:\n\n The png_format_buffer function in pngerror.c in libpng allows\n remote attackers to cause a denial of service (application crash)\n via a crafted PNG image that triggers an out-of-bounds read during\n the copying of error-message data. NOTE: this vulnerability exists\n because of a CVE-2004-0421 regression (CVE-2011-2501).\n\n Buffer overflow in libpng, when used by an application that calls the\n png_rgb_to_gray function but not the png_set_expand function, allows\n remote attackers to overwrite memory with an arbitrary amount of data,\n and possibly have unspecified other impact, via a crafted PNG image\n (CVE-2011-2690).\n\n The png_err function in pngerror.c in libpng makes a function call\n using a NULL pointer argument instead of an empty-string argument,\n which allows remote attackers to cause a denial of service (application\n crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not\n affect the binary packages in Mandriva, but could affect users if\n PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package.\n\n The png_handle_sCAL function in pngrutil.c in libpng does not properly\n handle invalid sCAL chunks, which allows remote attackers to cause\n a denial of service (memory corruption and application crash) or\n possibly have unspecified other impact via a crafted PNG image that\n triggers the reading of uninitialized memory (CVE-2011-2692).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2011-9336", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863389", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2011-9336\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863389\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9336\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for libpng FEDORA-2011-9336\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2011-9343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2011-9343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062768.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863367\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-9343\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for libpng FEDORA-2011-9343\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:54", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Mandriva Update for libpng MDVSA-2011:151 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831474", "href": "http://plugins.openvas.org/nasl.php?oid=831474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libpng MDVSA-2011:151 (libpng)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in libpng:\n\n The png_format_buffer function in pngerror.c in libpng allows\n remote attackers to cause a denial of service (application crash)\n via a crafted PNG image that triggers an out-of-bounds read during\n the copying of error-message data. NOTE: this vulnerability exists\n because of a CVE-2004-0421 regression (CVE-2011-2501).\n \n Buffer overflow in libpng, when used by an application that calls the\n png_rgb_to_gray function but not the png_set_expand function, allows\n remote attackers to overwrite memory with an arbitrary amount of data,\n and possibly have unspecified other impact, via a crafted PNG image\n (CVE-2011-2690).\n \n The png_err function in pngerror.c in libpng makes a function call\n using a NULL pointer argument instead of an empty-string argument,\n which allows remote attackers to cause a denial of service (application\n crash) via a crafted PNG image (CVE-2011-2691). NOTE: This does not\n affect the binary packages in Mandriva, but could affect users if\n PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package.\n \n The png_handle_sCAL function in pngrutil.c in libpng does not properly\n handle invalid sCAL chunks, which allows remote attackers to cause\n a denial of service (memory corruption and application crash) or\n possibly have unspecified other impact via a crafted PNG image that\n triggers the reading of uninitialized memory (CVE-2011-2692).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00026.php\");\n script_id(831474);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:151\");\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Mandriva Update for libpng MDVSA-2011:151 (libpng)\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.31~2.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-source\", rpm:\"libpng-source~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-static-devel\", rpm:\"libpng-static-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png3\", rpm:\"lib64png3~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-devel\", rpm:\"lib64png-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64png-static-devel\", rpm:\"lib64png-static-devel~1.2.43~1.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:25", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-07-22T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2011-9343", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863367", "href": "http://plugins.openvas.org/nasl.php?oid=863367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2011-9343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062768.html\");\n script_id(863367);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9343\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for libpng FEDORA-2011-9343\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:55", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2011-8867", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863372", "href": "http://plugins.openvas.org/nasl.php?oid=863372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2011-8867\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng10 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062934.html\");\n script_id(863372);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8867\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Fedora Update for libpng10 FEDORA-2011-8867\");\n\n script_summary(\"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.55~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:39", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2011-8844", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863374", "href": "http://plugins.openvas.org/nasl.php?oid=863374", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2011-8844\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng10 on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html\");\n script_id(863374);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 14:47:11 +0200 (Wed, 27 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8844\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2691\");\n script_name(\"Fedora Update for libpng10 FEDORA-2011-8844\");\n\n script_summary(\"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.55~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:20", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2011-9336", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863389", "href": "http://plugins.openvas.org/nasl.php?oid=863389", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2011-9336\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html\");\n script_id(863389);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9336\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for libpng FEDORA-2011-9336\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:48", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1105-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:870603", "href": "http://plugins.openvas.org/nasl.php?oid=870603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1105-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n\n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n\n An out-of-bounds memory read flaw was found in the way libpng processed\n certain PNG image files. An attacker could create a specially-crafted PNG\n image that, when opened, could cause an application using libpng to crash.\n (CVE-2011-2501)\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng should upgrade to these updated packages, which upgrade\n libpng to version 1.2.46 to correct these issues. All running applications\n using libpng must be restarted for the update to take effect.\";\n\ntag_affected = \"libpng on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00036.html\");\n script_id(870603);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:32:50 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1105-01\");\n script_name(\"RedHat Update for libpng RHSA-2011:1105-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1105-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1105-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870603\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:32:50 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1105-01\");\n script_name(\"RedHat Update for libpng RHSA-2011:1105-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"libpng on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n\n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n\n An out-of-bounds memory read flaw was found in the way libpng processed\n certain PNG image files. An attacker could create a specially-crafted PNG\n image that, when opened, could cause an application using libpng to crash.\n (CVE-2011-2501)\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng should upgrade to these updated packages, which upgrade\n libpng to version 1.2.46 to correct these issues. All running applications\n using libpng must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~1.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:28", "description": "The remote host is missing an update to libpng\nannounced via advisory DSA 2287-1.", "cvss3": {}, "published": "2011-08-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2287-1 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70060", "href": "http://plugins.openvas.org/nasl.php?oid=70060", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2287_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2287-1 (libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The PNG library libpng has been affected by several vulnerabilities. The\nmost critical one is the identified as CVE-2011-2690. Using this\nvulnerability, an attacker is able to overwrite memory with an\narbitrary amount of data controlled by her via a crafted PNG image.\n\nThe other vulnerabilities are less critical and allow an attacker to\ncause a crash in the program (denial of service) via a crafted PNG\nimage.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin parallel with the packages for Squeeze. They will appear shortly.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.\n\nWe recommend that you upgrade your libpng packages.\";\ntag_summary = \"The remote host is missing an update to libpng\nannounced via advisory DSA 2287-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202287-1\";\n\n\nif(description)\n{\n script_id(70060);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-07 17:37:07 +0200 (Sun, 07 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Debian Security Advisory DSA 2287-1 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0-udeb\", ver:\"1.2.27-2+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-0-udeb\", ver:\"1.2.44-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng12-dev\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:24", "description": "The remote host is missing an update to libpng\nannounced via advisory DSA 2287-1.", "cvss3": {}, "published": "2011-08-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2287-1 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070060", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070060", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2287_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2287-1 (libpng)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70060\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-07 17:37:07 +0200 (Sun, 07 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_name(\"Debian Security Advisory DSA 2287-1 (libpng)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202287-1\");\n script_tag(name:\"insight\", value:\"The PNG library libpng has been affected by several vulnerabilities. The\nmost critical one is the identified as CVE-2011-2690. Using this\nvulnerability, an attacker is able to overwrite memory with an\narbitrary amount of data controlled by her via a crafted PNG image.\n\nThe other vulnerabilities are less critical and allow an attacker to\ncause a crash in the program (denial of service) via a crafted PNG\nimage.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin parallel with the packages for Squeeze. They will appear shortly.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libpng packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libpng\nannounced via advisory DSA 2287-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0-udeb\", ver:\"1.2.27-2+lenny4\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.27-2+lenny5\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-0-udeb\", ver:\"1.2.44-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng12-dev\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.44-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:05:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-2008", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310863758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-2008\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073754.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863758\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:17:27 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-2008\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-2008\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.57~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:56:15", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-2008", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863758", "href": "http://plugins.openvas.org/nasl.php?oid=863758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-2008\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\n\ntag_affected = \"libpng10 on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073754.html\");\n script_id(863758);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:17:27 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2004-0421\", \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-2008\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-2008\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.57~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-3536", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310863981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-3536\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863981\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:42:28 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2004-0421\",\n \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-3536\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-3536\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.58~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:07:25", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-3536", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:863981", "href": "http://plugins.openvas.org/nasl.php?oid=863981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-3536\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\n\ntag_affected = \"libpng10 on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html\");\n script_id(863981);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:42:28 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2004-0421\",\n \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-3536\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-3536\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.58~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:06:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-1930", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310863755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-1930\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073736.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863755\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:16:06 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-1930\");\n script_name(\"Fedora Update for libpng FEDORA-2012-1930\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:26", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-03-07T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-1930", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:863755", "href": "http://plugins.openvas.org/nasl.php?oid=863755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-1930\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\n\ntag_affected = \"libpng on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-February/073736.html\");\n script_id(863755);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-07 11:16:06 +0530 (Wed, 07 Mar 2012)\");\n script_cve_id(\"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-1930\");\n script_name(\"Fedora Update for libpng FEDORA-2012-1930\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:54", "description": "Oracle Linux Local Security Checks ELSA-2011-1105", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1105", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122124", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1105.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122124\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:28 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1105\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1105 - libpng security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1105\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1105.html\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.46~1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.46~1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-static\", rpm:\"libpng-static~1.2.46~1.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1175-1", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for libpng USN-1175-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1175_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libpng USN-1175-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1175-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840714\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1175-1\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"Ubuntu Update for libpng USN-1175-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1175-1\");\n script_tag(name:\"affected\", value:\"libpng on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Frank Busse discovered that libpng did not properly handle certain\n malformed PNG images. If a user or automated system were tricked into\n opening a crafted PNG file, an attacker could cause libpng to crash,\n resulting in a denial of service. This issue only affected Ubuntu\n 10.04 LTS, 10.10, and 11.04. (CVE-2011-2501)\n\n It was discovered that libpng did not properly handle certain malformed PNG\n images. If a user or automated system were tricked into opening a crafted\n PNG file, an attacker could cause a denial of service or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-2690)\n\n Frank Busse discovered that libpng did not properly handle certain PNG\n images with invalid sCAL chunks. If a user or automated system were tricked\n into opening a crafted PNG file, an attacker could cause a denial of\n service or possibly execute arbitrary code with the privileges of the user\n invoking the program. (CVE-2011-2692)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.42-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.15~beta5-3ubuntu0.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:27:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1175-1", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for libpng USN-1175-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840714", "href": "http://plugins.openvas.org/nasl.php?oid=840714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1175_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libpng USN-1175-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Frank Busse discovered that libpng did not properly handle certain\n malformed PNG images. If a user or automated system were tricked into\n opening a crafted PNG file, an attacker could cause libpng to crash,\n resulting in a denial of service. This issue only affected Ubuntu\n 10.04 LTS, 10.10, and 11.04. (CVE-2011-2501)\n\n It was discovered that libpng did not properly handle certain malformed PNG\n images. If a user or automated system were tricked into opening a crafted\n PNG file, an attacker could cause a denial of service or possibly execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2011-2690)\n \n Frank Busse discovered that libpng did not properly handle certain PNG\n images with invalid sCAL chunks. If a user or automated system were tricked\n into opening a crafted PNG file, an attacker could cause a denial of\n service or possibly execute arbitrary code with the privileges of the user\n invoking the program. (CVE-2011-2692)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1175-1\";\ntag_affected = \"libpng on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1175-1/\");\n script_id(840714);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1175-1\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"Ubuntu Update for libpng USN-1175-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.42-1ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.44-1ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.15~beta5-3ubuntu0.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-10928", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863468", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863468", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-10928\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064528.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863468\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-10928\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2501\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-10928\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"mingw32-libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-10954", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-10954\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064547.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863465\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-10954\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2501\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-10954\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"mingw32-libpng on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:31", "description": "Check for the Version of mingw32-libpng", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-10928", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863468", "href": "http://plugins.openvas.org/nasl.php?oid=863468", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-10928\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-libpng on Fedora 15\";\ntag_insight = \"MinGW Windows Libpng library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064528.html\");\n script_id(863468);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-10928\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2501\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-10928\");\n\n script_summary(\"Check for the Version of mingw32-libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.8~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:20", "description": "Check for the Version of mingw32-libpng", "cvss3": {}, "published": "2011-08-31T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-10954", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863465", "href": "http://plugins.openvas.org/nasl.php?oid=863465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-10954\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-libpng on Fedora 14\";\ntag_insight = \"MinGW Windows Libpng library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064547.html\");\n script_id(863465);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-10954\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\", \"CVE-2011-2501\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-10954\");\n\n script_summary(\"Check for the Version of mingw32-libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.8~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:05:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-5079", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-5079\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864136\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:42:58 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-3048\", \"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\",\n \"CVE-2004-0421\", \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5079\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-5079\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.59~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-11T11:06:16", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2012-5079", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:864136", "href": "http://plugins.openvas.org/nasl.php?oid=864136", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2012-5079\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng10 package contains an old version of libpng, a library of functions\n for creating and manipulating PNG (Portable Network Graphics) image format\n files.\n\n This package is needed if you want to run binaries that were linked dynamically\n with libpng 1.0.x.\";\n\ntag_affected = \"libpng10 on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html\");\n script_id(864136);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:42:58 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-3048\", \"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\",\n \"CVE-2004-0421\", \"CVE-2011-2691\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5079\");\n script_name(\"Fedora Update for libpng10 FEDORA-2012-5079\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.59~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:07:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-3705", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864125", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-3705\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864125\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:33:27 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2011-2690\",\n \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-3705\");\n script_name(\"Fedora Update for libpng FEDORA-2012-3705\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.48~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:41", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-3705", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:864125", "href": "http://plugins.openvas.org/nasl.php?oid=864125", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-3705\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\n\ntag_affected = \"libpng on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html\");\n script_id(864125);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:33:27 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\", \"CVE-2011-2690\",\n \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-3705\");\n script_name(\"Fedora Update for libpng FEDORA-2012-3705\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.48~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-8874", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-8874\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062734.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863364\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8874\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-8874\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"mingw32-libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.3~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-8868", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-8868\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863361\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-8868\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-8868\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"mingw32-libpng on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.3~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:35", "description": "Check for the Version of mingw32-libpng", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-8868", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863361", "href": "http://plugins.openvas.org/nasl.php?oid=863361", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-8868\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-libpng on Fedora 14\";\ntag_insight = \"MinGW Windows Libpng library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html\");\n script_id(863361);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8868\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-8868\");\n\n script_summary(\"Check for the Version of mingw32-libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.3~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of mingw32-libpng", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-libpng FEDORA-2011-8874", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863364", "href": "http://plugins.openvas.org/nasl.php?oid=863364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libpng FEDORA-2011-8874\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-libpng on Fedora 15\";\ntag_insight = \"MinGW Windows Libpng library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062734.html\");\n script_id(863364);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-8874\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2004-0421\");\n script_name(\"Fedora Update for mingw32-libpng FEDORA-2011-8874\");\n\n script_summary(\"Check for the Version of mingw32-libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libpng\", rpm:\"mingw32-libpng~1.4.3~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-22T17:07:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-5515", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310864175", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-5515\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864175\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:32:12 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2011-3048\", \"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5515\");\n script_name(\"Fedora Update for libpng FEDORA-2012-5515\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libpng on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.49~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:36", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-04-26T00:00:00", "type": "openvas", "title": "Fedora Update for libpng FEDORA-2012-5515", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:864175", "href": "http://plugins.openvas.org/nasl.php?oid=864175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng FEDORA-2012-5515\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng package contains a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files. PNG\n is a bit-mapped graphics format similar to the GIF format. PNG was\n created to replace the GIF format, since GIF uses a patented data\n compression algorithm.\n\n Libpng should be installed if you need to manipulate PNG format image\n files.\";\n\ntag_affected = \"libpng on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html\");\n script_id(864175);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:32:12 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2011-3048\", \"CVE-2011-3045\", \"CVE-2011-3026\", \"CVE-2011-2501\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5515\");\n script_name(\"Fedora Update for libpng FEDORA-2012-5515\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.49~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Oracle Linux Local Security Checks ELSA-2011-1104", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1104", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1104.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122114\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1104\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1104 - libpng security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1104\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1104.html\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1104-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00035.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870460\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1104-01\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"RedHat Update for libpng RHSA-2011:1104-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"libpng on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n\n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2011:1104 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880989", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2011:1104 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017876.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880989\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1104\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"CentOS Update for libpng CESA-2011:1104 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libpng on CentOS 5\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n\n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:59", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2011:1104 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:881382", "href": "http://plugins.openvas.org/nasl.php?oid=881382", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2011:1104 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n \n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n \n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\";\n\ntag_affected = \"libpng on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017877.html\");\n script_id(881382);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:38:36 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1104\");\n script_name(\"CentOS Update for libpng CESA-2011:1104 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:32", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1104-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870460", "href": "http://plugins.openvas.org/nasl.php?oid=870460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1104-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n \n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n \n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\";\n\ntag_affected = \"libpng on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00035.html\");\n script_id(870460);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1104-01\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"RedHat Update for libpng RHSA-2011:1104-01\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2011:1104 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881382", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2011:1104 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017877.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881382\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:38:36 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1104\");\n script_name(\"CentOS Update for libpng CESA-2011:1104 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libpng on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n\n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:45", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for libpng CESA-2011:1104 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880989", "href": "http://plugins.openvas.org/nasl.php?oid=880989", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng CESA-2011:1104 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n A buffer overflow flaw was found in the way libpng processed certain PNG\n image files. An attacker could create a specially-crafted PNG image that,\n when opened, could cause an application using libpng to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the application. (CVE-2011-2690)\n \n Note: The application behavior required to exploit CVE-2011-2690 is rarely\n used. No application shipped with Red Hat Enterprise Linux behaves this\n way, for example.\n \n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications using\n libpng must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017876.html\");\n script_id(880989);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1104\");\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_name(\"CentOS Update for libpng CESA-2011:1104 centos5 i386\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.10~7.1.el5_7.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-27T18:36:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3026", "CVE-2011-2501", "CVE-2011-2691", "CVE-2011-3048", "CVE-2011-2692", "CVE-2015-8472", "CVE-2015-8540", "CVE-2015-7981", "CVE-2011-2690"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191421", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1421\");\n script_version(\"2020-01-23T11:44:09+0000\");\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3026\", \"CVE-2011-3048\", \"CVE-2015-7981\", \"CVE-2015-8472\", \"CVE-2015-8540\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:44:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:44:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1421)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1421\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1421\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libpng' package(s) announced via the EulerOS-SA-2019-1421 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048)\n\nThe png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692)\n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472)\n\nThe png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691)\n\nInteger underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540)\n\nInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026)\n\nAn array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981)\n\nBuffer overflow ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'libpng' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.5.13~7.1.h2.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:51", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-15.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-15 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3464", "CVE-2011-3026", "CVE-2011-2501", "CVE-2009-5063", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071582", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_15.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71582\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3026\", \"CVE-2011-3045\", \"CVE-2011-3048\", \"CVE-2011-3464\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:55 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-15 (libpng)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in libpng might allow remote attackers to\nexecute arbitrary code or cause a Denial of Service condition.\");\n script_tag(name:\"solution\", value:\"All libpng 1.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10'\n\n\nAll libpng 1.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49'\n\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-15\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373967\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386185\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=401987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=404197\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410153\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-15.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.10\", \"rge 1.2.49\"), vulnerable: make_list(\"lt 1.5.10\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:59", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-15.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-15 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3464", "CVE-2011-3026", "CVE-2011-2501", "CVE-2009-5063", "CVE-2011-2691", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71582", "href": "http://plugins.openvas.org/nasl.php?oid=71582", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in libpng might allow remote attackers to\nexecute arbitrary code or cause a Denial of Service condition.\";\ntag_solution = \"All libpng 1.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10'\n \n\nAll libpng 1.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49'\n \n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=373967\nhttp://bugs.gentoo.org/show_bug.cgi?id=386185\nhttp://bugs.gentoo.org/show_bug.cgi?id=401987\nhttp://bugs.gentoo.org/show_bug.cgi?id=404197\nhttp://bugs.gentoo.org/show_bug.cgi?id=410153\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-15.\";\n\n \n \nif(description)\n{\n script_id(71582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3026\", \"CVE-2011-3045\", \"CVE-2011-3048\", \"CVE-2011-3464\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:55 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-15 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.5.10\", \"rge 1.2.49\"), vulnerable: make_list(\"lt 1.5.10\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-06.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-06 (libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54566", "href": "http://plugins.openvas.org/nasl.php?oid=54566", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug in the libpng library can be abused to crash programs making use of\nthat library to decode PNG images.\";\ntag_solution = \"All users of libpng should upgrade to the latest stable version:\n\n # emerge sync\n\n # emerge -pv '>=media-libs/libpng-1.2.5-r5'\n # emerge '>=media-libs/libpng-1.2.5-r5'\n\nYou should also run revdep-rebuild to rebuild any packages that depend on\nolder versions of libpng :\n\n # revdep-rebuild\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=49887\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-06.\";\n\n \n\nif(description)\n{\n script_id(54566);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10244);\n script_cve_id(\"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200405-06 (libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libpng\", unaffected: make_list(\"ge 1.2.5-r5\"), vulnerable: make_list(\"le 1.2.5-r4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:45", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-124-04.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-124-04 libpng update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53936", "href": "http://plugins.openvas.org/nasl.php?oid=53936", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_124_04.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New libpng packages are available for Slackware 9.0, 9.1, and -current to\nfix an issue where libpng could be caused to crash, perhaps creating a denial\nof service issue if network services are linked with it.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-124-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-124-04\";\n \nif(description)\n{\n script_id(53936);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_bugtraq_id(10244);\n script_cve_id(\"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-124-04 libpng update \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.5-i386-2\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.5-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:25", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-png", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:52428", "href": "http://plugins.openvas.org/nasl.php?oid=52428", "sourceData": "#\n#VID 3a408f6f-9c52-11d8-9366-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-png\n png\n\nCVE-2004-0421\nThe Portable Network Graphics library (libpng) 1.0.15 and earlier\nallows attackers to cause a denial of service (crash) via a malformed\nPNG image file that triggers an error that causes an out-of-bounds\nread when creating the error message.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52428);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0421\");\n script_bugtraq_id(10244);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: linux-png\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120508\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2004-181.html\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/11505\");\n script_xref(name : \"URL\" , value : \"http://www.vuxml.org/freebsd/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-png\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.14_3\")<=0) {\n txt += 'Package linux-png version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>=0 && revcomp(a:bver, b:\"1.2.2\")<=0) {\n txt += 'Package linux-png version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"png\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.5_4\")<0) {\n txt += 'Package png version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing an update to libpng, libpng3\nannounced via advisory DSA 498-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 498-1 (libpng, libpng3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53188", "href": "http://plugins.openvas.org/nasl.php?oid=53188", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_498_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 498-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Steve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.\n\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably restarted after an upgrade:\n\napt-cache showpkg libpng2\napt-cache showpkg libpng3\n\nThe following security matrix explains which package versions will\ncontain a correction.\n\nPackage stable (woody) unstable (sid)\nlibpng 1.0.12-3.woody.5 1.0.15-5\nlibpng3 1.2.1-1.1.woody.5 1.2.5.0-6\n\nWe recommend that you upgrade your libpng and related packages.\";\ntag_summary = \"The remote host is missing an update to libpng, libpng3\nannounced via advisory DSA 498-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20498-1\";\n\nif(description)\n{\n script_id(53188);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(10244);\n script_cve_id(\"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 498-1 (libpng, libpng3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpng2\", ver:\"1.0.12-3.woody.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng2-dev\", ver:\"1.0.12-3.woody.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng-dev\", ver:\"1.2.1-1.1.woody.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpng3\", ver:\"1.2.1-1.1.woody.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-124-04.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-124-04 libpng update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231053936", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053936", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_124_04.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53936\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_bugtraq_id(10244);\n script_cve_id(\"CVE-2004-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-124-04 libpng update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-124-04\");\n\n script_tag(name:\"insight\", value:\"New libpng packages are available for Slackware 9.0, 9.1, and -current to\nfix an issue where libpng could be caused to crash, perhaps creating a denial\nof service issue if network services are linked with it.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-124-04.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.5-i386-2\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.5-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-08T14:25:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "CentOS Update for libpng10 CESA-2011:1103 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng10 CESA-2011:1103 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017667.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880957\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1103\");\n script_cve_id(\"CVE-2011-2692\");\n script_name(\"CentOS Update for libpng10 CESA-2011:1103 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"libpng10 on CentOS 4\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:47", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "openvas", "title": "CentOS Update for libpng10 CESA-2011:1103 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880957", "href": "http://plugins.openvas.org/nasl.php?oid=880957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng10 CESA-2011:1103 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libpng10 on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017667.html\");\n script_id(880957);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1103\");\n script_cve_id(\"CVE-2011-2692\");\n script_name(\"CentOS Update for libpng10 CESA-2011:1103 centos4 i386\");\n\n script_summary(\"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-08-08T14:23:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870461\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1103-01\");\n script_cve_id(\"CVE-2011-2692\");\n script_name(\"RedHat Update for libpng RHSA-2011:1103-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"libpng on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-debuginfo\", rpm:\"libpng10-debuginfo~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T14:21:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881259", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881259\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1103\");\n script_name(\"CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"libpng10 on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n\n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:10", "description": "Check for the Version of libpng", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "RedHat Update for libpng RHSA-2011:1103-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870461", "href": "http://plugins.openvas.org/nasl.php?oid=870461", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libpng RHSA-2011:1103-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\";\n\ntag_affected = \"libpng on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00034.html\");\n script_id(870461);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1103-01\");\n script_cve_id(\"CVE-2011-2692\");\n script_name(\"RedHat Update for libpng RHSA-2011:1103-01\");\n\n script_summary(\"Check for the Version of libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-debuginfo\", rpm:\"libpng-debuginfo~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-debuginfo\", rpm:\"libpng10-debuginfo~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:55", "description": "Check for the Version of libpng10", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881259", "href": "http://plugins.openvas.org/nasl.php?oid=881259", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libpng packages contain a library of functions for creating and\n manipulating PNG (Portable Network Graphics) image format files.\n\n An uninitialized memory read issue was found in the way libpng processed\n certain PNG images that use the Physical Scale (sCAL) extension. An\n attacker could create a specially-crafted PNG image that, when opened,\n could cause an application using libpng to crash. (CVE-2011-2692)\n \n Users of libpng and libpng10 should upgrade to these updated packages,\n which contain a backported patch to correct this issue. All running\n applications using libpng or libpng10 must be restarted for the update to\n take effect.\";\n\ntag_affected = \"libpng10 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017668.html\");\n script_id(881259);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2692\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1103\");\n script_name(\"CentOS Update for libpng10 CESA-2011:1103 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libpng10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng10-devel\", rpm:\"libpng10-devel~1.0.16~9.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.7~8.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:37", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-210-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2011-210-01 libpng ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2004-0421"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:71955", "href": "http://plugins.openvas.org/nasl.php?oid=71955", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_210_01.nasl 6581 2017-07-06 13:58:51Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-210-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current\nto fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-210-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-210-01\";\n \nif(description)\n{\n script_id(71955);\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6581 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:58:51 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:17 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-210-01 libpng \");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.4.8-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"libpng\", ver:\"1.4.8-i486-1_slack13.37\", rls:\"SLK13.37\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:17", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-210-01.", "cvss3": {}, "published": "2012-09-10T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2011-210-01 libpng", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2004-0421"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231071955", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071955", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_210_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from advisory SSA:2011-210-01\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71955\");\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-0421\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-10 07:16:17 -0400 (Mon, 10 Sep 2012)\");\n script_name(\"Slackware Advisory SSA:2011-210-01 libpng\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1|13\\.37)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-210-01\");\n\n script_tag(name:\"insight\", value:\"New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current\nto fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-210-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.2.46-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.4.8-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"libpng\", ver:\"1.4.8-i486-1_slack13.37\", rls:\"SLK13.37\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-27T19:22:38", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802336\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5002\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2011-006\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:54", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:802336", "href": "http://plugins.openvas.org/nasl.php?oid=802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su11-006.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2011-006\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\";\n\nif(description)\n{\n script_id(802336);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5002\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:50:21", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002.", "cvss3": {}, "published": "2012-05-18T00:00:00", "type": "openvas", "title": "Mac OS X Multiple Vulnerabilities (2012-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0649", "CVE-2011-0241", "CVE-2012-0642", "CVE-2012-0655", "CVE-2012-0654", "CVE-2012-0662", "CVE-2011-4885", "CVE-2011-3389", "CVE-2012-0830", "CVE-2011-3919", "CVE-2012-0661", "CVE-2011-1167", "CVE-2012-0658", "CVE-2011-3328", "CVE-2011-2834", "CVE-2011-1005", "CVE-2011-2692", "CVE-2012-0675", "CVE-2012-0660", "CVE-2011-4566", "CVE-2012-0659", "CVE-2012-0656", "CVE-2012-0652", "CVE-2012-0036", "CVE-2012-0651", "CVE-2012-1182", "CVE-2011-1778", "CVE-2011-2821", "CVE-2011-1944", "CVE-2011-1004", "CVE-2012-0657", "CVE-2012-0870", "CVE-2011-2895", "CVE-2011-3212", "CVE-2011-1777", "CVE-2011-4815"], "modified": "2017-07-04T00:00:00", "id": "OPENVAS:802794", "href": "http://plugins.openvas.org/nasl.php?oid=802794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-002.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-002)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context or cause a denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Login Window,\n Bluetooth,\n curl,\n Directory Service,\n HFS,\n ImageIO,\n Kernel,\n libarchive,\n libsecurity,\n libxml,\n LoginUIFramework,\n PHP,\n Quartz Composer,\n QuickTime,\n Ruby,\n Samba,\n Security Framework,\n Time Machine,\n X11.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Upgrade to Mac OS X 10.7.4 or\n Run Mac Updates and update the Security Update 2012-002\n For updates refer to http://support.apple.com/kb/HT5281\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002.\";\n\nif(description)\n{\n script_id(802794);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0651\", \"CVE-2011-0241\", \"CVE-2011-2692\",\n \"CVE-2011-1167\", \"CVE-2011-1777\", \"CVE-2011-1778\", \"CVE-2012-0654\",\n \"CVE-2012-0655\", \"CVE-2011-1944\", \"CVE-2011-2821\", \"CVE-2011-2834\",\n \"CVE-2011-3919\", \"CVE-2012-0657\", \"CVE-2012-0658\", \"CVE-2012-0659\",\n \"CVE-2012-0660\", \"CVE-2011-1004\", \"CVE-2011-1005\", \"CVE-2011-4815\",\n \"CVE-2012-0870\", \"CVE-2012-1182\", \"CVE-2012-0662\", \"CVE-2012-0652\",\n \"CVE-2012-0649\", \"CVE-2012-0036\", \"CVE-2012-0642\", \"CVE-2011-3212\",\n \"CVE-2012-0656\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0830\",\n \"CVE-2012-0661\", \"CVE-2012-0675\", \"CVE-2011-2895\", \"CVE-2011-3328\");\n script_bugtraq_id(49778, 49388, 53458, 48833, 48618, 46951, 47737, 53471,\n 53462, 48056, 49279, 49658, 51300, 53473, 53465, 53467,\n 53469, 46460, 46458, 51198, 52103, 52973, 53468, 53457,\n 53456, 51665, 52364, 50109, 53459, 50907, 51193, 51830,\n 53466, 53470, 49124, 49744);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-18 12:26:01 +0530 (Fri, 18 May 2012)\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-002)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5281\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\");\n script_xref(name : \"URL\" , value : \"http://prod.lists.apple.com/archives/security-announce/2012/May/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nosName = \"\";\nosVer = \"\";\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2012.002\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.002\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Check if OS is 10.7 through 10.7.3\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.3\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:33", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002.", "cvss3": {}, "published": "2012-05-18T00:00:00", "type": "openvas", "title": "Mac OS X Multiple Vulnerabilities (2012-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0649", "CVE-2011-0241", "CVE-2012-0642", "CVE-2012-0655", "CVE-2012-0654", "CVE-2012-0662", "CVE-2011-4885", "CVE-2011-3389", "CVE-2012-0830", "CVE-2011-3919", "CVE-2012-0661", "CVE-2011-1167", "CVE-2012-0658", "CVE-2011-3328", "CVE-2011-2834", "CVE-2011-1005", "CVE-2011-2692", "CVE-2012-0675", "CVE-2012-0660", "CVE-2011-4566", "CVE-2012-0659", "CVE-2012-0656", "CVE-2012-0652", "CVE-2012-0036", "CVE-2012-0651", "CVE-2012-1182", "CVE-2011-1778", "CVE-2011-2821", "CVE-2011-1944", "CVE-2011-1004", "CVE-2012-0657", "CVE-2012-0870", "CVE-2011-2895", "CVE-2011-3212", "CVE-2011-1777", "CVE-2011-4815"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310802794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su12-002.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X Multiple Vulnerabilities (2012-002)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802794\");\n script_version(\"$Revision: 14307 $\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0651\", \"CVE-2011-0241\", \"CVE-2011-2692\",\n \"CVE-2011-1167\", \"CVE-2011-1777\", \"CVE-2011-1778\", \"CVE-2012-0654\",\n \"CVE-2012-0655\", \"CVE-2011-1944\", \"CVE-2011-2821\", \"CVE-2011-2834\",\n \"CVE-2011-3919\", \"CVE-2012-0657\", \"CVE-2012-0658\", \"CVE-2012-0659\",\n \"CVE-2012-0660\", \"CVE-2011-1004\", \"CVE-2011-1005\", \"CVE-2011-4815\",\n \"CVE-2012-0870\", \"CVE-2012-1182\", \"CVE-2012-0662\", \"CVE-2012-0652\",\n \"CVE-2012-0649\", \"CVE-2012-0036\", \"CVE-2012-0642\", \"CVE-2011-3212\",\n \"CVE-2012-0656\", \"CVE-2011-4566\", \"CVE-2011-4885\", \"CVE-2012-0830\",\n \"CVE-2012-0661\", \"CVE-2012-0675\", \"CVE-2011-2895\", \"CVE-2011-3328\");\n script_bugtraq_id(49778, 49388, 53458, 48833, 48618, 46951, 47737, 53471,\n 53462, 48056, 49279, 49658, 51300, 53473, 53465, 53467,\n 53469, 46460, 46458, 51198, 52103, 52973, 53468, 53457,\n 53456, 51665, 52364, 50109, 53459, 50907, 51193, 51830,\n 53466, 53470, 49124, 49744);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-18 12:26:01 +0530 (Fri, 18 May 2012)\");\n script_name(\"Mac OS X Multiple Vulnerabilities (2012-002)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5281\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\");\n script_xref(name:\"URL\", value:\"http://prod.lists.apple.com/archives/security-announce/2012/May/msg00001.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[67]\\.\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context or cause a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Login Window,\n Bluetooth,\n curl,\n Directory Service,\n HFS,\n ImageIO,\n Kernel,\n libarchive,\n libsecurity,\n libxml,\n LoginUIFramework,\n PHP,\n Quartz Composer,\n QuickTime,\n Ruby,\n Samba,\n Security Framework,\n Time Machine,\n X11.\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Upgrade to Mac OS X 10.7.4 or\n Run Mac Updates and update the Security Update 2012-002\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-002.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName || \"Mac OS X Server\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2012.002\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n if(version_in_range(version:osVer, test_version:\"10.7\", test_version2:\"10.7.3\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:22:35", "description": "This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501.\n\nAlso fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-25T00:00:00", "type": "nessus", "title": "Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8844.NASL", "href": "https://www.tenable.com/plugins/nessus/55654", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8844.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55654);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-8844\");\n\n script_name(english:\"Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a 1-byte uninitialized memory reference in\npng_format_buffer(). It allows attackers to cause a denial of service\n(crash) via a malformed PNG image file that triggers an error that\ncauses an out-of-bounds read when creating the error message. This is\nCVE-2011-2501.\n\nAlso fixed in this release are some other minor security problems and\nthere's additionally a bugfix backported from 1.5.3: when expanding a\npaletted image, always expand to RGBA if transparency is present.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062970.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34f18a13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libpng10-1.0.55-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:22", "description": "Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "nessus", "title": "Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9336.NASL", "href": "https://www.tenable.com/plugins/nessus/55738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9336.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55738);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-9336\");\n\n script_name(english:\"Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to libpng 1.2.46, includes fixes for CVE-2011-2501,\nCVE-2011-2690, CVE-2011-2691, CVE-2011-2692\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?065f2de4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"libpng-1.2.46-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:29", "description": "This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501.\n\nAlso fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-25T00:00:00", "type": "nessus", "title": "Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8867.NASL", "href": "https://www.tenable.com/plugins/nessus/55655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8867.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55655);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-8867\");\n\n script_name(english:\"Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a 1-byte uninitialized memory reference in\npng_format_buffer(). It allows attackers to cause a denial of service\n(crash) via a malformed PNG image file that triggers an error that\ncauses an out-of-bounds read when creating the error message. This is\nCVE-2011-2501.\n\nAlso fixed in this release are some other minor security problems and\nthere's additionally a bugfix backported from 1.5.3: when expanding a\npaletted image, always expand to RGBA if transparency is present.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062934.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?015f58ef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"libpng10-1.0.55-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:44", "description": "Multiple vulnerabilities has been discovered and corrected in libpng :\n\nThe png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression (CVE-2011-2501).\n\nBuffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image (CVE-2011-2690).\n\nThe png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image (CVE-2011-2691). NOTE:\nThis does not affect the binary packages in Mandriva, but could affect users if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.?? package.\n\nThe png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory (CVE-2011-2692).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-10-18T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libpng (MDVSA-2011:151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64png-devel", "p-cpe:/a:mandriva:linux:lib64png-static-devel", "p-cpe:/a:mandriva:linux:lib64png3", "p-cpe:/a:mandriva:linux:libpng-devel", "p-cpe:/a:mandriva:linux:libpng-source", "p-cpe:/a:mandriva:linux:libpng-static-devel", "p-cpe:/a:mandriva:linux:libpng3"], "id": "MANDRIVA_MDVSA-2011-151.NASL", "href": "https://www.tenable.com/plugins/nessus/56529", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:151. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56529);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"MDVSA\", value:\"2011:151\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libpng (MDVSA-2011:151)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in libpng :\n\nThe png_format_buffer function in pngerror.c in libpng allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted PNG image that triggers an out-of-bounds read during the\ncopying of error-message data. NOTE: this vulnerability exists because\nof a CVE-2004-0421 regression (CVE-2011-2501).\n\nBuffer overflow in libpng, when used by an application that calls the\npng_rgb_to_gray function but not the png_set_expand function, allows\nremote attackers to overwrite memory with an arbitrary amount of data,\nand possibly have unspecified other impact, via a crafted PNG image\n(CVE-2011-2690).\n\nThe png_err function in pngerror.c in libpng makes a function call\nusing a NULL pointer argument instead of an empty-string argument,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted PNG image (CVE-2011-2691). NOTE:\nThis does not affect the binary packages in Mandriva, but could affect\nusers if PNG_NO_ERROR_TEXT is defined using the libpng-source-1.?.??\npackage.\n\nThe png_handle_sCAL function in pngrutil.c in libpng does not properly\nhandle invalid sCAL chunks, which allows remote attackers to cause a\ndenial of service (memory corruption and application crash) or\npossibly have unspecified other impact via a crafted PNG image that\ntriggers the reading of uninitialized memory (CVE-2011-2692).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64png-devel-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64png-static-devel-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64png3-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpng-devel-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libpng-source-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpng-static-devel-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libpng3-1.2.43-1.2mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:20", "description": "Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-19T00:00:00", "type": "nessus", "title": "Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9343.NASL", "href": "https://www.tenable.com/plugins/nessus/55612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55612);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-9343\");\n\n script_name(english:\"Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to libpng 1.2.46, includes fixes for CVE-2011-2501,\nCVE-2011-2690, CVE-2011-2691, CVE-2011-2692\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062768.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d48ea6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libpng-1.2.46-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:37", "description": "The PNG library libpng has been affected by several vulnerabilities.\nThe most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.\n\nThe other vulnerabilities are less critical and allow an attacker to cause a crash in the program (denial of service) via a crafted PNG image.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "Debian DSA-2287-1 : libpng - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libpng", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2287.NASL", "href": "https://www.tenable.com/plugins/nessus/55721", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2287. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55721);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"DSA\", value:\"2287\");\n\n script_name(english:\"Debian DSA-2287-1 : libpng - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PNG library libpng has been affected by several vulnerabilities.\nThe most critical one is the identified as CVE-2011-2690. Using this\nvulnerability, an attacker is able to overwrite memory with an\narbitrary amount of data controlled by her via a crafted PNG image.\n\nThe other vulnerabilities are less critical and allow an attacker to\ncause a crash in the program (denial of service) via a crafted PNG\nimage.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libpng\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2287\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libpng packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released in\nparallel with the packages for Squeeze. They will appear shortly.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libpng\", reference:\"1.2.27-2+lenny5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-0\", reference:\"1.2.44-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-0-udeb\", reference:\"1.2.44-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng12-dev\", reference:\"1.2.44-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpng3\", reference:\"1.2.44-1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:30", "description": "Frank Busse discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause libpng to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS, 10.10, and 11.04. (CVE-2011-2501)\n\nIt was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-2690)\n\nFrank Busse discovered that libpng did not properly handle certain PNG images with invalid sCAL chunks. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-2692).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-27T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libpng vulnerabilities (USN-1175-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpng12-0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1175-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55699);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48618, 48660);\n script_xref(name:\"USN\", value:\"1175-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libpng vulnerabilities (USN-1175-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Frank Busse discovered that libpng did not properly handle certain\nmalformed PNG images. If a user or automated system were tricked into\nopening a crafted PNG file, an attacker could cause libpng to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n10.04 LTS, 10.10, and 11.04. (CVE-2011-2501)\n\nIt was discovered that libpng did not properly handle certain\nmalformed PNG images. If a user or automated system were tricked into\nopening a crafted PNG file, an attacker could cause a denial of\nservice or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2011-2690)\n\nFrank Busse discovered that libpng did not properly handle certain PNG\nimages with invalid sCAL chunks. If a user or automated system were\ntricked into opening a crafted PNG file, an attacker could cause a\ndenial of service or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2011-2692).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1175-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12-0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpng12-0\", pkgver:\"1.2.15~beta5-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpng12-0\", pkgver:\"1.2.42-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpng12-0\", pkgver:\"1.2.44-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libpng12-0\", pkgver:\"1.2.44-1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:27", "description": "Updated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "RHEL 6 : libpng (RHSA-2011:1105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libpng", "p-cpe:/a:redhat:enterprise_linux:libpng-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libpng-devel", "p-cpe:/a:redhat:enterprise_linux:libpng-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1105.NASL", "href": "https://www.tenable.com/plugins/nessus/55727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1105. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55727);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48660);\n script_xref(name:\"RHSA\", value:\"2011:1105\");\n\n script_name(english:\"RHEL 6 : libpng (RHSA-2011:1105)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Red Hat Enterprise Linux\nbehaves this way, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng\nprocessed certain PNG image files. An attacker could create a\nspecially crafted PNG image that, when opened, could cause an\napplication using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\nupgrade libpng to version 1.2.46 to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1105\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1105\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-1.2.46-1.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-debuginfo-1.2.46-1.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libpng-devel-1.2.46-1.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libpng-static-1.2.46-1.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libpng-static-1.2.46-1.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libpng-static-1.2.46-1.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel / libpng-static\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:39:03", "description": "From Red Hat Security Advisory 2011:1105 :\n\nUpdated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : libpng (ELSA-2011-1105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libpng", "p-cpe:/a:oracle:linux:libpng-devel", "p-cpe:/a:oracle:linux:libpng-static", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1105.NASL", "href": "https://www.tenable.com/plugins/nessus/68318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1105 and \n# Oracle Linux Security Advisory ELSA-2011-1105 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68318);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48474, 48660);\n script_xref(name:\"RHSA\", value:\"2011:1105\");\n\n script_name(english:\"Oracle Linux 6 : libpng (ELSA-2011-1105)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1105 :\n\nUpdated libpng packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Red Hat Enterprise Linux\nbehaves this way, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng\nprocessed certain PNG image files. An attacker could create a\nspecially crafted PNG image that, when opened, could cause an\napplication using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\nupgrade libpng to version 1.2.46 to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002249.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libpng-1.2.46-1.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpng-devel-1.2.46-1.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpng-static-1.2.46-1.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng-static\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:50", "description": "The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Scientific Linux behaves this way, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which upgrade libpng to version 1.2.46 to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libpng on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110728_LIBPNG_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61101);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2692\");\n\n script_name(english:\"Scientific Linux Security Update : libpng on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Scientific Linux behaves this\nway, for example.\n\nAn out-of-bounds memory read flaw was found in the way libpng\nprocessed certain PNG image files. An attacker could create a\nspecially crafted PNG image that, when opened, could cause an\napplication using libpng to crash. (CVE-2011-2501)\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\nupgrade libpng to version 1.2.46 to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2690\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2a3d1a7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libpng-1.2.46-1.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-debuginfo-1.2.46-1.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-devel-1.2.46-1.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpng-static-1.2.46-1.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:50", "description": "This update of libpng12-0 fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399)\n\n - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score:\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P))\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libpng (SAT Patch Number 4948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpng-devel", "p-cpe:/a:novell:suse_linux:11:libpng12-0", "p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBPNG-DEVEL-110802.NASL", "href": "https://www.tenable.com/plugins/nessus/55896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55896);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpng (SAT Patch Number 4948)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng12-0 fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1\n (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors\n (CWE-399)\n\n - unknown (unknown). (CVE-2009-5063: CVSS v2 Base Score:\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P))\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-6218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-5063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2691.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2692.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4948.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpng-devel-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpng12-0-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng-devel-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpng12-0-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpng12-0-32bit-1.2.31-5.25.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.31-5.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:48", "description": "This update of libpng12-0 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng12 (libpng12-4947)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-devel-32bit", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:libpng12-0", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo", "p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng12-debugsource", "p-cpe:/a:novell:opensuse:libpng12-devel"], "id": "SUSE_11_4_LIBPNG12-110802.NASL", "href": "https://www.tenable.com/plugins/nessus/75911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng12-4947.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75911);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (libpng12-4947)\");\n script_summary(english:\"Check for the libpng12-4947 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng12-0 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-0-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-0-debuginfo-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-compat-devel-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-debugsource-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng12-devel-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-0-debuginfo-32bit-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-compat-devel-32bit-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng12-devel-32bit-1.2.46-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:17", "description": "This update of libpng14-14 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng14 (libpng14-4949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng14-14", "p-cpe:/a:novell:opensuse:libpng14-14-32bit", "p-cpe:/a:novell:opensuse:libpng14-compat-devel", "p-cpe:/a:novell:opensuse:libpng14-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBPNG14-110802.NASL", "href": "https://www.tenable.com/plugins/nessus/75604", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng14-4949.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75604);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"openSUSE Security Update : libpng14 (libpng14-4949)\");\n script_summary(english:\"Check for the libpng14-4949 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng14-14 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng14 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng14-14-1.4.3-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng14-compat-devel-1.4.3-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng14-devel-1.4.3-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libpng14-14-32bit-1.4.3-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng14-14\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:01", "description": "This update of libpng14-14 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng14 (libpng14-4949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng14-14", "p-cpe:/a:novell:opensuse:libpng14-14-32bit", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo", "p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpng14-compat-devel", "p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit", "p-cpe:/a:novell:opensuse:libpng14-debugsource", "p-cpe:/a:novell:opensuse:libpng14-devel", "p-cpe:/a:novell:opensuse:libpng14-devel-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBPNG14-110802.NASL", "href": "https://www.tenable.com/plugins/nessus/75913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng14-4949.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75913);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"openSUSE Security Update : libpng14 (libpng14-4949)\");\n script_summary(english:\"Check for the libpng14-4949 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng14-14 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng14 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-14-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-compat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng14-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-14-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-14-debuginfo-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-compat-devel-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-debugsource-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpng14-devel-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-14-32bit-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-14-debuginfo-32bit-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-compat-devel-32bit-1.4.4-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpng14-devel-32bit-1.4.4-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng14-14\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:50", "description": "This update of libpng fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBPNG-7669.NASL", "href": "https://www.tenable.com/plugins/nessus/55897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55897);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1\n (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-6218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-5063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2691.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2692.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7669.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libpng-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libpng-devel-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.31.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:53", "description": "This update of libpng12-0 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libpng12 (libpng12-4947)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpng12-0", "p-cpe:/a:novell:opensuse:libpng12-0-32bit", "p-cpe:/a:novell:opensuse:libpng12-compat-devel", "p-cpe:/a:novell:opensuse:libpng12-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBPNG12-110802.NASL", "href": "https://www.tenable.com/plugins/nessus/75603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpng12-4947.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75603);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"openSUSE Security Update : libpng12 (libpng12-4947)\");\n script_summary(english:\"Check for the libpng12-4947 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng12-0 fixes :\n\n - CVE-2011-2501: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Design Error\n (CWE-DesignError)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2691: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Other (CWE-Other)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-compat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpng12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng12-0-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng12-compat-devel-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpng12-devel-1.2.46-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libpng12-0-32bit-1.2.46-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12-0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:27", "description": "This update of libpng fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors (CWE-399)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : libpng (ZYPP Patch Number 7670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBPNG-7670.NASL", "href": "https://www.tenable.com/plugins/nessus/57218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57218);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"SuSE 10 Security Update : libpng (ZYPP Patch Number 7670)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng fixes :\n\n - CVE-2008-6218: CVSS v2 Base Score: 7.1\n (AV:N/AC:M/Au:N/C:N/I:N/A:C): Resource Management Errors\n (CWE-399)\n\n - CVE-2011-2690: CVSS v2 Base Score: 5.1\n (AV:N/AC:H/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)\n\n - CVE-2011-2692: CVSS v2 Base Score: 5.0\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-6218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-5063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2691.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2692.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7670.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libpng-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libpng-devel-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libpng-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libpng-devel-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libpng-32bit-1.2.8-19.31.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libpng-devel-32bit-1.2.8-19.31.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:43", "description": "This update of libpng fixes :\n\n - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C):\n Resource Management Errors (CWE-399). (CVE-2008-6218)\n\n - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119). (CVE-2011-2690)\n\n - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P):\n Buffer Errors (CWE-119). (CVE-2011-2692)", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : libpng (YOU Patch Number 12815)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-6218", "CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12815.NASL", "href": "https://www.tenable.com/plugins/nessus/55895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55895);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-6218\", \"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\");\n\n script_name(english:\"SuSE9 Security Update : libpng (YOU Patch Number 12815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libpng fixes :\n\n - CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C):\n Resource Management Errors (CWE-399). (CVE-2008-6218)\n\n - CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119). (CVE-2011-2690)\n\n - CVSS v2 Base Score: 5.0 (AV:N/AC:M/Au:N/C:N/I:N/A:P):\n Buffer Errors (CWE-119). (CVE-2011-2692)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-6218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-5063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2501.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2690.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2691.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2692.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12815.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libpng-1.2.5-182.32\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libpng-devel-1.2.5-182.32\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libpng-32bit-9-201108021634\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:28", "description": "Fix for CVE-2011-2501.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "nessus", "title": "Fedora 14 : mingw32-libpng-1.4.3-2.fc14 (2011-8868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw32-libpng", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-8868.NASL", "href": "https://www.tenable.com/plugins/nessus/55599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8868.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55599);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\");\n script_bugtraq_id(48474);\n script_xref(name:\"FEDORA\", value:\"2011-8868\");\n\n script_name(english:\"Fedora 14 : mingw32-libpng-1.4.3-2.fc14 (2011-8868)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2011-2501.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717510\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a6b22a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"mingw32-libpng-1.4.3-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:24", "description": "Fix for CVE-2011-2501.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-18T00:00:00", "type": "nessus", "title": "Fedora 15 : mingw32-libpng-1.4.3-3.fc15 (2011-8874)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421", "CVE-2011-2501"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw32-libpng", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-8874.NASL", "href": "https://www.tenable.com/plugins/nessus/55600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-8874.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55600);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\", \"CVE-2011-2501\");\n script_bugtraq_id(48474);\n script_xref(name:\"FEDORA\", value:\"2011-8874\");\n\n script_name(english:\"Fedora 15 : mingw32-libpng-1.4.3-3.fc15 (2011-8874)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2011-2501.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717510\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062734.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c0d8ff7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"mingw32-libpng-1.4.3-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:59", "description": "Update to MinGW cross compiled libpng 1.4.8, includes fixes for CVE-2011-2690 and CVE-2011-2692.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-29T00:00:00", "type": "nessus", "title": "Fedora 15 : mingw32-libpng-1.4.8-1.fc15 (2011-10928)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw32-libpng", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-10928.NASL", "href": "https://www.tenable.com/plugins/nessus/55987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10928.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55987);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-10928\");\n\n script_name(english:\"Fedora 15 : mingw32-libpng-1.4.8-1.fc15 (2011-10928)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to MinGW cross compiled libpng 1.4.8, includes fixes for\nCVE-2011-2690 and CVE-2011-2692.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064528.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?175ee46d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"mingw32-libpng-1.4.8-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:21", "description": "Updated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "RHEL 5 : libpng (RHSA-2011:1104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libpng", "p-cpe:/a:redhat:enterprise_linux:libpng-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/55726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1104. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55726);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48660);\n script_xref(name:\"RHSA\", value:\"2011:1104\");\n\n script_name(english:\"RHEL 5 : libpng (RHSA-2011:1104)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Red Hat Enterprise Linux\nbehaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1104\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng and / or libpng-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1104\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libpng-1.2.10-7.1.el5_7.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libpng-devel-1.2.10-7.1.el5_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:39:19", "description": "From Red Hat Security Advisory 2011:1104 :\n\nUpdated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : libpng (ELSA-2011-1104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libpng", "p-cpe:/a:oracle:linux:libpng-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/68317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1104 and \n# Oracle Linux Security Advisory ELSA-2011-1104 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68317);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48660);\n script_xref(name:\"RHSA\", value:\"2011:1104\");\n\n script_name(english:\"Oracle Linux 5 : libpng (ELSA-2011-1104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1104 :\n\nUpdated libpng packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Red Hat Enterprise Linux\nbehaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002256.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libpng-1.2.10-7.1.el5_7.5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libpng-devel-1.2.10-7.1.el5_7.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:14", "description": "Updated libpng packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : libpng (CESA-2011:1104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpng", "p-cpe:/a:centos:centos:libpng-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/56268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1104 and \n# CentOS Errata and Security Advisory 2011:1104 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56268);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48660);\n script_xref(name:\"RHSA\", value:\"2011:1104\");\n\n script_name(english:\"CentOS 5 : libpng (CESA-2011:1104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Red Hat Enterprise Linux\nbehaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017876.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c60d873\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27a3bff0\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000240.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db3de6b6\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dbacfe5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-1.2.10-7.1.el5_7.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpng-devel-1.2.10-7.1.el5_7.5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:50", "description": "The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Scientific Linux behaves this way, for example.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libpng on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110728_LIBPNG_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61100);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n\n script_name(english:\"Scientific Linux Security Update : libpng on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nA buffer overflow flaw was found in the way libpng processed certain\nPNG image files. An attacker could create a specially crafted PNG\nimage that, when opened, could cause an application using libpng to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-2690)\n\nNote: The application behavior required to exploit CVE-2011-2690 is\nrarely used. No application shipped with Scientific Linux behaves this\nway, for example.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng should upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications using libpng must be restarted for the update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=428\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b156d1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng and / or libpng-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libpng-1.2.10-7.1.el5_7.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpng-devel-1.2.10-7.1.el5_7.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:48", "description": "Update to MinGW cross compiled libpng 1.4.8, includes fixes for CVE-2011-2690 and CVE-2011-2692.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-29T00:00:00", "type": "nessus", "title": "Fedora 14 : mingw32-libpng-1.4.8-1.fc14 (2011-10954)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2690", "CVE-2011-2692"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw32-libpng", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-10954.NASL", "href": "https://www.tenable.com/plugins/nessus/55989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10954.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55989);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2690\", \"CVE-2011-2692\");\n script_bugtraq_id(48618, 48660);\n script_xref(name:\"FEDORA\", value:\"2011-10954\");\n\n script_name(english:\"Fedora 14 : mingw32-libpng-1.4.8-1.fc14 (2011-10954)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to MinGW cross compiled libpng 1.4.8, includes fixes for\nCVE-2011-2690 and CVE-2011-2692.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=720612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064547.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e141cab2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"mingw32-libpng-1.4.8-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:29", "description": "According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048)\n\n - The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.(CVE-2011-2692)\n\n - It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.(CVE-2015-8472)\n\n - The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.(CVE-2011-2691)\n\n - Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.(CVE-2015-8540)\n\n - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.(CVE-2011-3026)\n\n - An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image.(CVE-2015-7981)\n\n - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.(CVE-2011-2690)\n\n - The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.(CVE-2011-2501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3048", "CVE-2015-7981", "CVE-2015-8472", "CVE-2015-8540"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libpng", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1421.NASL", "href": "https://www.tenable.com/plugins/nessus/124924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124924);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-2501\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3026\",\n \"CVE-2011-3048\",\n \"CVE-2015-7981\",\n \"CVE-2015-8472\",\n \"CVE-2015-8540\"\n );\n script_bugtraq_id(\n 48474,\n 48618,\n 48660,\n 52031,\n 52049,\n 52830\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libpng package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The png_set_text_2 function in pngset.c in libpng 1.0.x\n before 1.0.59, 1.2.x before 1.2.49, 1.4.x before\n 1.4.11, and 1.5.x before 1.5.10 allows remote attackers\n to cause a denial of service (crash) or execute\n arbitrary code via a crafted text chunk in a PNG image\n file, which triggers a memory allocation failure that\n is not properly handled, leading to a heap-based buffer\n overflow.(CVE-2011-3048)\n\n - The png_handle_sCAL function in pngrutil.c in libpng\n 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before\n 1.4.8, and 1.5.x before 1.5.4 does not properly handle\n invalid sCAL chunks, which allows remote attackers to\n cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other\n impact via a crafted PNG image that triggers the\n reading of uninitialized memory.(CVE-2011-2692)\n\n - It was discovered that the png_get_PLTE() and\n png_set_PLTE() functions of libpng did not correctly\n calculate the maximum palette sizes for bit depths of\n less than 8. In case an application tried to use these\n functions in combination with properly calculated\n palette sizes, this could lead to a buffer overflow or\n out-of-bounds reads. An attacker could exploit this to\n cause a crash or potentially execute arbitrary code by\n tricking an unsuspecting user into processing a\n specially crafted PNG image. However, the exact impact\n is dependent on the application using the\n library.(CVE-2015-8472)\n\n - The png_err function in pngerror.c in libpng 1.0.x\n before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8,\n and 1.5.x before 1.5.4 makes a function call using a\n NULL pointer argument instead of an empty-string\n argument, which allows remote attackers to cause a\n denial of service (application crash) via a crafted PNG\n image.(CVE-2011-2691)\n\n - Integer underflow in the png_check_keyword function in\n pngwutil.c in libpng 0.90 through 0.99, 1.0.x before\n 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x\n before 1.4.19, and 1.5.x before 1.5.26 allows remote\n attackers to have unspecified impact via a space\n character as a keyword in a PNG image, which triggers\n an out-of-bounds read.(CVE-2015-8540)\n\n - Integer overflow in libpng, as used in Google Chrome\n before 17.0.963.56, allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via unknown vectors that trigger an integer\n truncation.(CVE-2011-3026)\n\n - An array-indexing error was discovered in the\n png_convert_to_rfc1123() function of libpng. An\n attacker could possibly use this flaw to cause an\n out-of-bounds read by tricking an unsuspecting user\n into processing a specially crafted PNG\n image.(CVE-2015-7981)\n\n - Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x\n before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before\n 1.5.4, when used by an application that calls the\n png_rgb_to_gray function but not the png_set_expand\n function, allows remote attackers to overwrite memory\n with an arbitrary amount of data, and possibly have\n unspecified other impact, via a crafted PNG\n image.(CVE-2011-2690)\n\n - The png_format_buffer function in pngerror.c in libpng\n 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before\n 1.4.8, and 1.5.x before 1.5.4 allows remote attackers\n to cause a denial of service (application crash) via a\n crafted PNG image that triggers an out-of-bounds read\n during the copying of error-message data. NOTE: this\n vulnerability exists because of a CVE-2004-0421\n regression. NOTE: this is called an off-by-one error by\n some sources.(CVE-2011-2501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1421\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1d8567b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpng packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libpng-1.5.13-7.1.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:24:05", "description": "The remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libpng:\n The &ldquo;embedded_profile_len()&rdquo; function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063).\n The &ldquo;png_format_buffer()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-2501).\n The &ldquo;png_rgb_to_gray()&rdquo; function in pngrtran.c contains an integer overflow error (CVE-2011-2690).\n The &ldquo;png_err()&rdquo; function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691).\n The &ldquo;png_handle_sCAL()&rdquo; function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692).\n The &ldquo;png_decompress_chunk()&rdquo; function in pngrutil.c contains an integer overflow error (CVE-2011-3026).\n The &ldquo;png_inflate()&rdquo; function in pngrutil.c contains and out of bounds error (CVE-2011-3045).\n The &ldquo;png_set_text_2()&rdquo; function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048).\n The &ldquo;png_formatted_warning()&rdquo; function in pngerror.c contains an off-by-one error (CVE-2011-3464).\n Impact :\n\n An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-15 : libpng: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5063", "CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3026", "CVE-2011-3045", "CVE-2011-3048", "CVE-2011-3464"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libpng", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-15.NASL", "href": "https://www.tenable.com/plugins/nessus/59668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-15.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59668);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-5063\", \"CVE-2011-2501\", \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3026\", \"CVE-2011-3045\", \"CVE-2011-3048\", \"CVE-2011-3464\");\n script_bugtraq_id(48474, 48618, 48660, 51823, 52049, 52453, 52830);\n script_xref(name:\"GLSA\", value:\"201206-15\");\n\n script_name(english:\"GLSA-201206-15 : libpng: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-15\n(libpng: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libpng:\n The &ldquo;embedded_profile_len()&rdquo; function in pngwutil.c does not\n check for negative values, resulting in a memory leak (CVE-2009-5063).\n The &ldquo;png_format_buffer()&rdquo; function in pngerror.c contains an\n off-by-one error (CVE-2011-2501).\n The &ldquo;png_rgb_to_gray()&rdquo; function in pngrtran.c contains an\n integer overflow error (CVE-2011-2690).\n The &ldquo;png_err()&rdquo; function in pngerror.c contains a NULL pointer\n dereference error (CVE-2011-2691).\n The &ldquo;png_handle_sCAL()&rdquo; function in pngrutil.c improperly handles\n malformed sCAL chunks(CVE-2011-2692).\n The &ldquo;png_decompress_chunk()&rdquo; function in pngrutil.c contains an\n integer overflow error (CVE-2011-3026).\n The &ldquo;png_inflate()&rdquo; function in pngrutil.c contains and out of\n bounds error (CVE-2011-3045).\n The &ldquo;png_set_text_2()&rdquo; function in pngset.c contains an error\n which could result in memory corruption (CVE-2011-3048).\n The &ldquo;png_formatted_warning()&rdquo; function in pngerror.c contains an\n off-by-one error (CVE-2011-3464).\n \nImpact :\n\n An attacker could exploit these vulnerabilities to execute arbitrary\n code with the permissions of the user running the vulnerable program,\n which could be the root user, or to cause programs linked against the\n library to crash.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-15\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All libpng 1.5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.10'\n All libpng 1.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.2.49'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libpng\", unaffected:make_list(\"ge 1.5.10\", \"ge 1.2.49\"), vulnerable:make_list(\"lt 1.5.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:06:59", "description": "Steve Grubb discovered that libpng would access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG imagaes.\n\nThe updated packages are patched to correct the vulnerability.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : libpng (MDKSA-2004:040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64png3", "p-cpe:/a:mandriva:linux:lib64png3-devel", "p-cpe:/a:mandriva:linux:lib64png3-static-devel", "p-cpe:/a:mandriva:linux:libpng3", "p-cpe:/a:mandriva:linux:libpng3-devel", "p-cpe:/a:mandriva:linux:libpng3-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:9.2"], "id": "MANDRAKE_MDKSA-2004-040.NASL", "href": "https://www.tenable.com/plugins/nessus/14139", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:040. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14139);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_xref(name:\"MDKSA\", value:\"2004:040\");\n\n script_name(english:\"Mandrake Linux Security Advisory : libpng (MDKSA-2004:040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Steve Grubb discovered that libpng would access memory that is out of\nbounds when creating an error message. The impact of this bug is not\nclear, but it could lead to a core dump in a program using libpng, or\ncould result in a DoS (Denial of Service) condition in a daemon that\nuses libpng to process PNG imagaes.\n\nThe updated packages are patched to correct the vulnerability.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64png3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpng3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64png3-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64png3-devel-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64png3-static-devel-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libpng3-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libpng3-devel-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libpng3-static-devel-1.2.5-10.2.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libpng3-1.2.5-2.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libpng3-devel-1.2.5-2.2.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libpng3-static-devel-1.2.5-2.2.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64png3-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64png3-devel-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64png3-static-devel-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libpng3-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libpng3-devel-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libpng3-static-devel-1.2.5-7.2.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:17:50", "description": "Steve Grubb reports a buffer read overrun in libpng's png_format_buffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "FreeBSD : libpng denial-of-service (3a408f6f-9c52-11d8-9366-0020ed76ef5a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-png", "p-cpe:/a:freebsd:freebsd:png", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3A408F6F9C5211D893660020ED76EF5A.NASL", "href": "https://www.tenable.com/plugins/nessus/37799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37799);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_bugtraq_id(10244);\n script_xref(name:\"Secunia\", value:\"11505\");\n\n script_name(english:\"FreeBSD : libpng denial-of-service (3a408f6f-9c52-11d8-9366-0020ed76ef5a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Steve Grubb reports a buffer read overrun in libpng's\npng_format_buffer function. A specially constructed PNG image\nprocessed by an application using libpng may trigger the buffer read\noverrun and possibly result in an application crash.\"\n );\n # http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120508\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=120508\"\n );\n # http://rhn.redhat.com/errata/RHSA-2004-181.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:181\"\n );\n # https://vuxml.freebsd.org/freebsd/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d500a1de\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-png\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:png\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-png<=1.0.14_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-png>=1.2<=1.2.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"png<1.2.5_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:22", "description": "The remote host is affected by the vulnerability described in GLSA-200405-06 (libpng denial of service vulnerability)\n\n libpng provides two functions (png_chunk_error and png_chunk_warning) for default error and warning messages handling. These functions do not perform proper bounds checking on the provided message, which is limited to 64 bytes. Programs linked against this library may crash when handling a malicious PNG image.\n Impact :\n\n This vulnerability could be used to crash various programs using the libpng library, potentially resulting in a denial of service attack on vulnerable daemon processes.\n Workaround :\n\n There is no known workaround at this time. All users are advised to upgrade to the latest available version of libpng.", "cvss3": {}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200405-06 : libpng denial of service vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libpng", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200405-06.NASL", "href": "https://www.tenable.com/plugins/nessus/14492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14492);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_xref(name:\"GLSA\", value:\"200405-06\");\n\n script_name(english:\"GLSA-200405-06 : libpng denial of service vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-06\n(libpng denial of service vulnerability)\n\n libpng provides two functions (png_chunk_error and png_chunk_warning) for\n default error and warning messages handling. These functions do not perform\n proper bounds checking on the provided message, which is limited to 64\n bytes. Programs linked against this library may crash when handling a\n malicious PNG image.\n \nImpact :\n\n This vulnerability could be used to crash various programs using the libpng\n library, potentially resulting in a denial of service attack on vulnerable\n daemon processes.\n \nWorkaround :\n\n There is no known workaround at this time. All users are advised to upgrade\n to the latest available version of libpng.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users of libpng should upgrade to the latest stable version:\n # emerge sync\n # emerge -pv '>=media-libs/libpng-1.2.5-r5'\n # emerge '>=media-libs/libpng-1.2.5-r5'\n You should also run revdep-rebuild to rebuild any packages that depend on\n older versions of libpng :\n # revdep-rebuild\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libpng\", unaffected:make_list(\"ge 1.2.5-r5\"), vulnerable:make_list(\"le 1.2.5-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"media-libs/libpng\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:46", "description": "- Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com>\n\n - fix a possible out-of-bounds read in the error message handler. #121229\n\n - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\n - Fri Feb 27 2004 Mark McLoughlin <markmc at redhat.com> 2:1.2.2-19\n\n - rebuild with changed bits/setjmp.h on ppc\n\n - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2004-07-23T00:00:00", "type": "nessus", "title": "Fedora Core 1 : libpng-1.2.2-20 (2004-105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng", "p-cpe:/a:fedoraproject:fedora:libpng-debuginfo", "p-cpe:/a:fedoraproject:fedora:libpng-devel", "cpe:/o:fedoraproject:fedora_core:1"], "id": "FEDORA_2004-105.NASL", "href": "https://www.tenable.com/plugins/nessus/13688", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-105.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13688);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_xref(name:\"FEDORA\", value:\"2004-105\");\n\n script_name(english:\"Fedora Core 1 : libpng-1.2.2-20 (2004-105)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com>\n\n - fix a possible out-of-bounds read in the error message\n handler. #121229\n\n - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\n - Fri Feb 27 2004 Mark McLoughlin <markmc at redhat.com>\n 2:1.2.2-19\n\n - rebuild with changed bits/setjmp.h on ppc\n\n - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-May/000115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8eb0acd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libpng, libpng-debuginfo and / or libpng-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"libpng-1.2.2-20\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"libpng-debuginfo-1.2.2-20\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"libpng-devel-1.2.2-20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-debuginfo / libpng-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:32", "description": "- Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com>\n\n - fix a possible out-of-bounds read in the error message handler. #121229\n\n - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\n - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2004-07-23T00:00:00", "type": "nessus", "title": "Fedora Core 1 : libpng10-1.0.13-11 (2004-106)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng10", "p-cpe:/a:fedoraproject:fedora:libpng10-debuginfo", "p-cpe:/a:fedoraproject:fedora:libpng10-devel", "cpe:/o:fedoraproject:fedora_core:1"], "id": "FEDORA_2004-106.NASL", "href": "https://www.tenable.com/plugins/nessus/13689", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-106.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13689);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_xref(name:\"FEDORA\", value:\"2004-106\");\n\n script_name(english:\"Fedora Core 1 : libpng10-1.0.13-11 (2004-106)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Apr 19 2004 Matthias Clasen <mclasen at redhat.com>\n\n - fix a possible out-of-bounds read in the error message\n handler. #121229\n\n - Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\n - Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>\n\n - rebuilt\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-May/000116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0086c378\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libpng10, libpng10-debuginfo and / or\nlibpng10-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"libpng10-1.0.13-11\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"libpng10-debuginfo-1.0.13-11\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"libpng10-devel-1.0.13-11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10 / libpng10-debuginfo / libpng10-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:59", "description": "Updated libpng packages that fix a out of bounds memory access are now available.\n\nThe libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nSteve Grubb discovered a out of bounds memory access flaw in libpng.\nAn attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim. This issue may not be used to execute arbitrary code.\n\nUsers are advised to upgrade to these updated packages that contain a backported security fix not vulnerable to this issue.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 : libpng (RHSA-2004:180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libpng", "p-cpe:/a:redhat:enterprise_linux:libpng-devel", "p-cpe:/a:redhat:enterprise_linux:libpng10", "p-cpe:/a:redhat:enterprise_linux:libpng10-devel", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2004-180.NASL", "href": "https://www.tenable.com/plugins/nessus/12492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:180. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12492);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_bugtraq_id(10244);\n script_xref(name:\"RHSA\", value:\"2004:180\");\n\n script_name(english:\"RHEL 2.1 / 3 : libpng (RHSA-2004:180)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng packages that fix a out of bounds memory access are now\navailable.\n\nThe libpng package contains a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nSteve Grubb discovered a out of bounds memory access flaw in libpng.\nAn attacker could carefully craft a PNG file in such a way that it\nwould cause an application linked to libpng to crash when opened by a\nvictim. This issue may not be used to execute arbitrary code.\n\nUsers are advised to upgrade to these updated packages that contain a\nbackported security fix not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:180\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:180\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libpng-1.0.14-0.7x.5\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libpng-devel-1.0.14-0.7x.5\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libpng-1.2.2-21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"libpng-devel-1.2.2-21\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"libpng10-1.0.13-12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"libpng10-devel-1.0.13-12\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng10 / libpng10-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:01", "description": "The following package needs to be updated: linux-png", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "FreeBSD : libpng denial-of-service (93)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2011-10-03T00:00:00", "cpe": [], "id": "FREEBSD_LIBPNG.NASL", "href": "https://www.tenable.com/plugins/nessus/12563", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_3a408f6f9c5211d893660020ed76ef5a.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12563);\n script_version(\"1.16\");\n script_bugtraq_id(10244);\n script_cve_id(\"CVE-2004-0421\");\n\n script_name(english:\"FreeBSD : libpng denial-of-service (93)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: linux-png');\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120508\nhttp://rhn.redhat.com/errata/RHSA-2004-181.html\nhttp://secunia.com/advisories/11505\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-60.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-61.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-62.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-63.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-64.html\nhttp://www.samba.org/samba/whatsnew/samba-3.0.5.html');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_cvs_date(\"Date: 2018/08/22 16:49:14\");\n script_end_attributes();\n script_summary(english:\"Check for linux-png\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37799 (freebsd_pkg_3a408f6f9c5211d893660020ed76ef5a.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"linux-png<=1.0.14_3\");\n\npkg_test(pkg:\"linux-png>=1.2.*<=1.2.2\");\n\npkg_test(pkg:\"png<1.2.5_4\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:17", "description": "Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilised in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng.\n\nThis could be used as a denial of service attack against various programs that link against this library. The following commands will show you which packages utilise this library and whose programs should probably restarted after an upgrade :\n\n apt-cache showpkg libpng2 apt-cache showpkg libpng3\n\nThe following security matrix explains which package versions will contain a correction.\n\n Package stable (woody) unstable (sid) libpng 1.0.12-3.woody.5 1.0.15-5 libpng3 1.2.1-1.1.woody.5 1.2.5.0-6", "cvss3": {}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-498-1 : libpng - out of bound access", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libpng", "p-cpe:/a:debian:debian_linux:libpng3", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-498.NASL", "href": "https://www.tenable.com/plugins/nessus/15335", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-498. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15335);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_bugtraq_id(10244);\n script_xref(name:\"DSA\", value:\"498\");\n\n script_name(english:\"Debian DSA-498-1 : libpng - out of bound access\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Steve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message. Depending\non machine architecture, bounds checking and other protective\nmeasures, this problem could cause the program to crash if a defective\nor intentionally prepared PNG image file is handled by libpng.\n\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably restarted after an upgrade :\n\n apt-cache showpkg libpng2 apt-cache showpkg libpng3\n\nThe following security matrix explains which package versions will\ncontain a correction.\n\n Package stable (woody) unstable (sid) \n libpng 1.0.12-3.woody.5 1.0.15-5 \n libpng3 1.2.1-1.1.woody.5 1.2.5.0-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-498\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the libpng and related packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpng3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libpng-dev\", reference:\"1.2.1-1.1.woody.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpng2\", reference:\"1.0.12-3.woody.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpng2-dev\", reference:\"1.0.12-3.woody.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpng3\", reference:\"1.2.1-1.1.woody.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:29", "description": "New libpng packages are available for Slackware 9.0, 9.1, and\n-current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are linked with it.", "cvss3": {}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "Slackware 9.0 / 9.1 / current : libpng update (SSA:2004-124-04)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libpng", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2004-124-04.NASL", "href": "https://www.tenable.com/plugins/nessus/18751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-124-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18751);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0421\");\n script_xref(name:\"SSA\", value:\"2004-124-04\");\n\n script_name(english:\"Slackware 9.0 / 9.1 / current : libpng update (SSA:2004-124-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libpng packages are available for Slackware 9.0, 9.1, and\n-current to fix an issue where libpng could be caused to crash,\nperhaps creating a denial of service issue if network services are\nlinked with it.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361384\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6199cb7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.0\", pkgname:\"libpng\", pkgver:\"1.2.5\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"libpng\", pkgver:\"1.2.5\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libpng\", pkgver:\"1.2.5\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:19", "description": "The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libpng on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110728_LIBPNG_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61099);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2692\");\n\n script_name(english:\"Scientific Linux Security Update : libpng on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2813\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de4673db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"libpng-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng-devel-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng10-1.0.16-9.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpng10-devel-1.0.16-9.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:52", "description": "Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-08-15T00:00:00", "type": "nessus", "title": "CentOS 4 : libpng (CESA-2011:1103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpng", "p-cpe:/a:centos:centos:libpng-devel", "p-cpe:/a:centos:centos:libpng10", "p-cpe:/a:centos:centos:libpng10-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2011-1103.NASL", "href": "https://www.tenable.com/plugins/nessus/55838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1103 and \n# CentOS Errata and Security Advisory 2011:1103 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55838);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2692\");\n script_xref(name:\"RHSA\", value:\"2011:1103\");\n\n script_name(english:\"CentOS 4 : libpng (CESA-2011:1103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017667.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?034b4ad3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e599468e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng-devel-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng-devel-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-1.0.16-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-1.0.16-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpng10-devel-1.0.16-9.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpng10-devel-1.0.16-9.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng10 / libpng10-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:39:28", "description": "From Red Hat Security Advisory 2011:1103 :\n\nUpdated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : libpng (ELSA-2011-1103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libpng", "p-cpe:/a:oracle:linux:libpng-devel", "p-cpe:/a:oracle:linux:libpng10", "p-cpe:/a:oracle:linux:libpng10-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-1103.NASL", "href": "https://www.tenable.com/plugins/nessus/68316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1103 and \n# Oracle Linux Security Advisory ELSA-2011-1103 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68316);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2692\");\n script_xref(name:\"RHSA\", value:\"2011:1103\");\n\n script_name(english:\"Oracle Linux 4 : libpng (ELSA-2011-1103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1103 :\n\nUpdated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libpng-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng-devel-1.2.7-8.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng10-1.0.16-9.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpng10-devel-1.0.16-9.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng10 / libpng10-devel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:37", "description": "Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "RHEL 4 : libpng (RHSA-2011:1103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2692"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libpng", "p-cpe:/a:redhat:enterprise_linux:libpng-devel", "p-cpe:/a:redhat:enterprise_linux:libpng10", "p-cpe:/a:redhat:enterprise_linux:libpng10-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2011-1103.NASL", "href": "https://www.tenable.com/plugins/nessus/55725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1103. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55725);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2692\");\n script_xref(name:\"RHSA\", value:\"2011:1103\");\n\n script_name(english:\"RHEL 4 : libpng (RHSA-2011:1103)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libpng and libpng10 packages that fix one security issue are\nnow available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libpng packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files.\n\nAn uninitialized memory read issue was found in the way libpng\nprocessed certain PNG images that use the Physical Scale (sCAL)\nextension. An attacker could create a specially crafted PNG image\nthat, when opened, could cause an application using libpng to crash.\n(CVE-2011-2692)\n\nUsers of libpng and libpng10 should upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications using libpng or libpng10 must be restarted for the update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1103\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpng10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1103\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libpng-1.2.7-8.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng-devel-1.2.7-8.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng10-1.0.16-9.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libpng10-devel-1.0.16-9.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng / libpng-devel / libpng10 / libpng10-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:44", "description": "New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2011-210-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0421", "CVE-2011-2501"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libpng", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2011-210-01.NASL", "href": "https://www.tenable.com/plugins/nessus/55735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-210-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55735);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0421\", \"CVE-2011-2501\");\n script_bugtraq_id(48474);\n script_xref(name:\"SSA\", value:\"2011-210-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2011-210-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a1733c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.2.46\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:10", "description": "The remote host is missing Security Update 2004-08-09.\n\nlibpng is a library used for manipulating graphics files. Several buffer overflows have been discovered in libpng. A remote attacker could exploit these vulnerabilities by tricking a user into opening a maliciously crafted PNG file, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2004-08-10T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD20040809.NASL", "href": "https://www.tenable.com/plugins/nessus/14242", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14242);\n script_version (\"1.17\");\n script_cve_id(\n \"CVE-2002-1363\",\n \"CVE-2004-0421\",\n \"CVE-2004-0597\",\n \"CVE-2004-0598\",\n \"CVE-2004-0599\"\n );\n script_bugtraq_id(10857);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2004-08-09)\");\n script_summary(english:\"Check for Security Update 2004-08-09\");\n \n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is missing Security Update 2004-08-09.\n\nlibpng is a library used for manipulating graphics files. Several\nbuffer overflows have been discovered in libpng. A remote attacker\ncould exploit these vulnerabilities by tricking a user into opening\na maliciously crafted PNG file, resulting in the execution of\narbitrary code.\" );\n # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646?\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?210abeb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2004-08-09.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/08/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2002/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/08/09\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n#\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\nuname = get_kb_item(\"Host/uname\");\n# MacOS X 10.2.x and 10.3.x only\nif ( egrep(pattern:\"Darwin.* (6\\.8\\.|7\\.4\\.)\", string:uname) )\n{\n if ( ! egrep(pattern:\"^SecUpd2004-08-09\", string:packages) ) security_warning(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:11", "description": "Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :\n\nBuffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)\n\nIt is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.\n\nIn addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599)\n\nPackages have been patched to correct these issues.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2006-3334"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:chromium", "p-cpe:/a:mandriva:linux:chromium-setup", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-213.NASL", "href": "https://www.tenable.com/plugins/nessus/24598", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:213. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24598);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2002-1363\",\n \"CVE-2004-0421\",\n \"CVE-2004-0597\",\n \"CVE-2004-0598\",\n \"CVE-2004-0599\",\n \"CVE-2006-3334\"\n );\n script_bugtraq_id(\n 10244,\n 18698,\n 21078\n );\n script_xref(name:\"MDKSA\", value:\"2006:213\");\n\n script_name(english:\"Mandrake Linux Security Advisory : chromium (MDKSA-2006:213)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium is an OpenGL-based shoot them up game with fine graphics. It\nis built with a private copy of libpng, and as such could be\nsusceptible to some of the same vulnerabilities :\n\nBuffer overflow in the png_decompress_chunk function in pngrutil.c in\nlibpng before 1.2.12 allows context-dependent attackers to cause a\ndenial of service and possibly execute arbitrary code via unspecified\nvectors related to 'chunk error processing,' possibly involving the\n'chunk_name'. (CVE-2006-3334)\n\nIt is questionable whether this issue is actually exploitable, but the\npatch to correct the issue has been included in versions < 1.2.12.\n\nIn addition, an patch to address several old vulnerabilities has been\napplied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597,\nCVE-2004-0598, CVE-2004-0599)\n\nPackages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium and / or chromium-setup packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:chromium-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"chromium-0.9.12-25.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"chromium-setup-0.9.12-25.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:32", "description": "Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities :\n\nBuffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. (CVE-2006-3334)\n\nIt is questionable whether this issue is actually exploitable, but the patch to correct the issue has been included in versions < 1.2.12.\n\nTavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash. (CVE-2006-5793)\n\nIn addition, an patch to address several old vulnerabilities has been applied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597, CVE-2004-0598, CVE-2004-0599)\n\nPackages have been patched to correct these issues.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2006-3334", "CVE-2006-5793"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:doxygen", "cpe:/o:mandriva:linux:2006", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-212.NASL", "href": "https://www.tenable.com/plugins/nessus/24597", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:212. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24597);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2002-1363\", \"CVE-2004-0421\", \"CVE-2004-0597\", \"CVE-2004-0598\", \"CVE-2004-0599\", \"CVE-2006-3334\", \"CVE-2006-5793\");\n script_bugtraq_id(10244, 18698);\n script_xref(name:\"MDKSA\", value:\"2006:212\");\n\n script_name(english:\"Mandrake Linux Security Advisory : doxygen (MDKSA-2006:212)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Doxygen is a documentation system for C, C++ and IDL. It is built with\na private copy of libpng, and as such could be susceptible to some of\nthe same vulnerabilities :\n\nBuffer overflow in the png_decompress_chunk function in pngrutil.c in\nlibpng before 1.2.12 allows context-dependent attackers to cause a\ndenial of service and possibly execute arbitrary code via unspecified\nvectors related to 'chunk error processing,' possibly involving the\n'chunk_name'. (CVE-2006-3334)\n\nIt is questionable whether this issue is actually exploitable, but the\npatch to correct the issue has been included in versions < 1.2.12.\n\nTavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered\na typo in png_set_sPLT() that may cause an application using libpng to\nread out of bounds, resulting in a crash. (CVE-2006-5793)\n\nIn addition, an patch to address several old vulnerabilities has been\napplied to this build. (CVE-2002-1363, CVE-2004-0421, CVE-2004-0597,\nCVE-2004-0598, CVE-2004-0599)\n\nPackages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected doxygen package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:doxygen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"doxygen-1.4.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"doxygen-1.4.7-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:30", "description": "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreMedia\n - CoreProcesses\n - CoreStorage\n - File Systems\n - iChat Server\n - Kernel\n - libsecurity\n - Open Directory\n - PHP\n - python\n - QuickTime\n - SMB File Server\n - X11", "cvss3": {}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1634", "CVE-2010-2089", "CVE-2011-0185", "CVE-2011-0187", "CVE-2011-0226", "CVE-2011-0230", "CVE-2011-0260", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3212", "CVE-2011-3213", "CVE-2011-3215", "CVE-2011-3216", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3225", "CVE-2011-3226", "CVE-2011-3227", "CVE-2011-3228", "CVE-2011-3246", "CVE-2011-3435", "CVE-2011-3436", "CVE-2011-3437"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_7_2.NASL", "href": "https://www.tenable.com/plugins/nessus/56480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56480);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2011-0185\",\n \"CVE-2011-0187\",\n \"CVE-2011-0226\",\n \"CVE-2011-0230\",\n \"CVE-2011-0260\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3212\",\n \"CVE-2011-3213\",\n \"CVE-2011-3215\",\n \"CVE-2011-3216\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3225\",\n \"CVE-2011-3226\",\n \"CVE-2011-3227\",\n \"CVE-2011-3228\",\n \"CVE-2011-3246\",\n \"CVE-2011-3435\",\n \"CVE-2011-3436\",\n \"CVE-2011-3437\"\n );\n script_bugtraq_id(\n 40370,\n 40863,\n 48007,\n 48250,\n 48566,\n 48618,\n 48619,\n 48660,\n 49303,\n 50085,\n 50092,\n 50100,\n 50101,\n 50109,\n 50112,\n 50113,\n 50114,\n 50115,\n 50116,\n 50120,\n 50121,\n 50127,\n 50129,\n 50130,\n 50131,\n 50144,\n 50146,\n 50153 \n );\n\n script_name(english:\"Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.7.x that is prior\nto 10.7.2. This version contains numerous security-related fixes for\nthe following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreMedia\n - CoreProcesses\n - CoreStorage\n - File Systems\n - iChat Server\n - Kernel\n - libsecurity\n - Open Directory\n - PHP\n - python\n - QuickTime\n - SMB File Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.7.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.7($|\\.[0-1]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:15:50", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11", "cvss3": {}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4022", "CVE-2010-0097", "CVE-2010-1157", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-2227", "CVE-2010-3436", "CVE-2010-3613", "CVE-2010-3614", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4645", "CVE-2011-0013", "CVE-2011-0185", "CVE-2011-0224", "CVE-2011-0229", "CVE-2011-0230", "CVE-2011-0231", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0259", "CVE-2011-0411", "CVE-2011-0419", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0534", "CVE-2011-0707", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3213", "CVE-2011-3214", "CVE-2011-3217", "CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3224", "CVE-2011-3228"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2011-006.NASL", "href": "https://www.tenable.com/plugins/nessus/56481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56481);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-4022\",\n \"CVE-2010-0097\",\n \"CVE-2010-1157\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2010-2227\",\n \"CVE-2010-3436\",\n \"CVE-2010-3613\",\n \"CVE-2010-3614\",\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4645\",\n \"CVE-2011-0013\",\n \"CVE-2011-0185\",\n \"CVE-2011-0224\",\n \"CVE-2011-0229\",\n \"CVE-2011-0230\",\n \"CVE-2011-0231\",\n \"CVE-2011-0249\",\n \"CVE-2011-0250\",\n \"CVE-2011-0251\",\n \"CVE-2011-0252\",\n \"CVE-2011-0259\",\n \"CVE-2011-0411\",\n \"CVE-2011-0419\",\n \"CVE-2011-0420\",\n \"CVE-2011-0421\",\n \"CVE-2011-0534\",\n \"CVE-2011-0707\",\n \"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3213\",\n \"CVE-2011-3214\",\n \"CVE-2011-3217\",\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3224\",\n \"CVE-2011-3228\"\n );\n script_bugtraq_id(\n 37118,\n 37865,\n 39635,\n 40370,\n 40863,\n 41544,\n 44723,\n 45015,\n 45133,\n 45137,\n 45668,\n 46164,\n 46174,\n 46177,\n 46354,\n 46365,\n 46429,\n 46464,\n 46767,\n 46786,\n 46854,\n 46967,\n 46968,\n 46969,\n 46970,\n 46975,\n 46977,\n 48007,\n 48250,\n 48566,\n 48618,\n 48660,\n 49303,\n 50085,\n 50091,\n 50092,\n 50095,\n 50098,\n 50100,\n 50101,\n 50111,\n 50116,\n 50117,\n 50122,\n 50127,\n 50130,\n 50131,\n 50150 \n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-006)\");\n script_summary(english:\"Check for the presence of Security Update 2011-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n{\n packages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[6-9]|201[2-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2011-006 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:35", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components :\n\n - curl\n - Directory Service\n - ImageIO\n - libarchive\n - libsecurity\n - libxml\n - Quartz Composer\n - QuickTime\n - Ruby\n - Samba\n - Security Framework", "cvss3": {}, "published": "2012-05-10T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0241", "CVE-2011-1004", "CVE-2011-1005", "CVE-2011-1167", "CVE-2011-1777", "CVE-2011-1778", "CVE-2011-1944", "CVE-2011-2692", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3328", "CVE-2011-3389", "CVE-2011-3919", "CVE-2011-4815", "CVE-2012-0651", "CVE-2012-0654", "CVE-2012-0655", "CVE-2012-0657", "CVE-2012-0658", "CVE-2012-0659", "CVE-2012-0660", "CVE-2012-0662", "CVE-2012-0870", "CVE-2012-1182"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2012-002.NASL", "href": "https://www.tenable.com/plugins/nessus/59067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59067);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-0241\",\n \"CVE-2011-1004\",\n \"CVE-2011-1005\",\n \"CVE-2011-1167\",\n \"CVE-2011-1777\",\n \"CVE-2011-1778\",\n \"CVE-2011-1944\",\n \"CVE-2011-2692\",\n \"CVE-2011-2821\",\n \"CVE-2011-2834\",\n \"CVE-2011-3328\",\n \"CVE-2011-3389\",\n \"CVE-2011-3919\",\n \"CVE-2011-4815\",\n \"CVE-2012-0651\",\n \"CVE-2012-0654\",\n \"CVE-2012-0655\",\n \"CVE-2012-0657\",\n \"CVE-2012-0658\",\n \"CVE-2012-0659\",\n \"CVE-2012-0660\",\n \"CVE-2012-0662\",\n \"CVE-2012-0870\",\n \"CVE-2012-1182\"\n );\n script_bugtraq_id(\n 46458,\n 46460,\n 46951,\n 47737,\n 48056,\n 48618,\n 48833,\n 49279,\n 49658,\n 49744,\n 49778,\n 51198,\n 51300,\n 52103,\n 52973,\n 53458,\n 53462,\n 53465,\n 53467,\n 53468,\n 53469,\n 53471,\n 53473\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2012-05-09-1\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2012-002 applied. This update contains multiple\nsecurity-related fixes for the following components :\n\n - curl\n - Directory Service\n - ImageIO\n - libarchive\n - libsecurity\n - libxml\n - Quartz Composer\n - QuickTime\n - Ruby\n - Samba\n - Security Framework\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-137/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523932/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5281\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2012-002 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nif (\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2012\\.00[2-9]|201[3-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages) ||\n egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2012\\.002(\\.snowleopard)?\\.1\\.0\\.bom\", string:packages)\n) exit(0, \"The host has Security Update 2012-002 or later installed and therefore is not affected.\");\nelse\n{\n if (report_verbosity > 0)\n {\n security_boms = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\", string:packages);\n\n report = '\\n Installed security updates : ';\n if (security_boms) report += str_replace(find:'\\n', replace:'\\n ', string:security_boms);\n else report += 'n/a';\n report += '\\n';\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:16", "description": "The version of Mac OS X on the remote system is unsupported, and therefore unable to receive the latest security updates from Apple.", "cvss3": {}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "MacOS X Version Unsupported", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1363", "CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545", "CVE-2003-0987", "CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112", "CVE-2004-0174", "CVE-2004-0421", "CVE-2004-0485", "CVE-2004-0488", "CVE-2004-0492", "CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0642", "CVE-2004-0643", "CVE-2004-0644", "CVE-2004-0743", "CVE-2004-0744", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0751", "CVE-2004-0772", "CVE-2004-0786", "CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0885", "CVE-2004-0886", "CVE-2004-0940", "CVE-2004-1081", "CVE-2004-1082", "CVE-2004-1083", "CVE-2004-1084", "CVE-2004-1085", "CVE-2004-1086", "CVE-2004-1087", "CVE-2004-1088", "CVE-2004-1089", "CVE-2004-1121", "CVE-2004-1122", "CVE-2004-1123"], "modified": "2015-09-24T00:00:00", "cpe": [], "id": "MACOSX_VERSION.NASL", "href": "https://www.tenable.com/plugins/nessus/12521", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# Disabled on 2014/07/06. Deprecated by unsupported_operating_system.nasl.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(12521);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\"CVE-2004-0743\", \"CVE-2004-0744\", \"CVE-2004-0485\");\n script_bugtraq_id(10904, 10406, 10401, 10400);\n\n script_name(english:\"MacOS X Version Unsupported\");\n script_summary(english:\"Check for the version of MacOS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is using an unsupported version of Mac OS X.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mac OS X on the remote system is unsupported, and\ntherefore unable to receive the latest security updates from Apple.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to an up-to-date version of Mac OS X.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"unsupported_by_vendor\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OS\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Use plugin #33850 (unsupported_operating_system.nasl) instead.\");\n\n\n#\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) os = get_kb_item(\"Host/OS\");\n\nif ( ! os ) exit(0, \"The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.\");\n\n\nif ( os && \"Mac OS X\" >< os )\n{\n version = os - \"Mac OS X \";\n\n set_kb_item(name:\"Host/MacOSX\", value: os);\n if ( ereg(pattern:\"Mac OS X 10\\.1\\.\", string:os ))\n {\n report = \"\nThe remote host is running Mac OS X 10.1. This version is not supported\nby Apple any more, you should upgrade the remote host to the latest version\nof Mac OS X.\n\";\n if ( ereg(pattern:\"Mac OS X 10\\.1\\.[0-4]\", string:os ))\n {\n report += \"\nIn addition to this, the remote host should at least be upgraded to\nMacOS 10.1.5 using 'softwareupdate', as it is the last supported version\nof the system.\n\";\n }\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\");\n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.2\\.\", string:os ))\n {\n report = \"\nThe remote host is running Mac OS X 10.2. This version is not supported\nby Apple any more, you should upgrade the remote host to the latest version\nof Mac OS X.\n\";\n if ( ereg(pattern:\"Mac OS X 10\\.2\\.[0-7]\", string:os ))\n {\n report += \"\nIn addition to this, the remote host should at least be upgraded to\nMacOS 10.2.8 using 'softwareupdate', as it is the last supported version\nof the system.\n\";\n }\n\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\"); \n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.([3-9]|2\\.8)\", string:os ) )\n {\n set_kb_item(name:\"CVE-2003-0542\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0543\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0544\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0545\", value:TRUE);\n }\n\n\n\n\n\n if ( ereg(pattern:\"Mac OS X 10\\.3\\.[0-8]\", string:os ))\n {\n report = \"\nThe remote host is running a version of Mac OS X 10.3 which is older\nthan version 10.3.9.\n\nApple's newest security updates require Mac OS X 10.3.9 to be applied\nproperly. The remote host should be upgraded to this version as soon\nas possible.\n\";\n\n if (defined_func(\"report_xml_tag\"))\n {\n report_xml_tag(tag:\"operating-system-unsupported\", value:\"true\");\n report_xml_tag(tag:\"UnsupportedProduct:apple:mac_os_x:\"+version, value:\"true\"); \n }\n security_hole(port:0, extra:report);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[3-9]|[4-9])\", string:os ))\n {\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n }\n\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[4-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0079\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0081\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0112\", value:TRUE);\n }\n\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[5-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2002-1363\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0421\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0597\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0598\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0599\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0743\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0744\", value:TRUE);\n }\n if ( ereg(pattern:\"Mac OS X 10\\.(3\\.[7-9]|[4-9])\", string:os))\n {\n set_kb_item(name:\"CVE-2004-1082\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0020\", value:TRUE);\n set_kb_item(name:\"CVE-2003-0987\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0174\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0488\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0492\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0885\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0940\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1083\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1084\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0747\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0786\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0751\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0748\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1081\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0803\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0804\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0886\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1089\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1085\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0642\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0643\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0644\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0772\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1088\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1086\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1123\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1121\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1122\", value:TRUE);\n set_kb_item(name:\"CVE-2004-1087\", value:TRUE);\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:06:54", "description": "\nThe PNG library libpng has been affected by several vulnerabilities. The most \ncritical one is the identified as \n[\\\nCVE-2011-2690](https://security-tracker.debian.org/tracker/CVE-2011-2690). Using this vulnerability, an attacker is able to overwrite \nmemory with an arbitrary amount of data controlled by her via a crafted PNG \nimage.\n\n\nThe other vulnerabilities are less critical and allow an attacker to \ncause a crash in the program (denial of service) via a crafted PNG \nimage.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin parallel with the packages for Squeeze. They will appear shortly.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.\n\n\nWe recommend that you upgrade your libpng packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2011-07-28T00:00:00", "type": "osv", "title": "libpng - several vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2022-08-10T07:06:22", "id": "OSV:DSA-2287-1", "href": "https://osv.dev/vulnerability/DSA-2287-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T05:43:07", "description": "\nSteve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.\n\n\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably restarted after an upgrade:\n\n\n\n```\n\n apt-cache showpkg libpng2\n apt-cache showpkg libpng3\n\n```\n\nThe following security matrix explains which package versions will\ncontain a correction.\n\n\n\n\n| Package | stable (woody) | unstable (sid) |\n| --- | --- | --- |\n| libpng | 1.0.12-3.woody.5 | 1.0.15-5 |\n| libpng3 | 1.2.1-1.1.woody.5 | 1.2.5.0-6 |\n\n\nWe recommend that you upgrade your libpng and related packages.\n\n\n", "cvss3": {}, "published": "2004-04-30T00:00:00", "type": "osv", "title": "libpng - out of bound access", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421"], "modified": "2014-04-29T17:19:40", "id": "OSV:DSA-498", "href": "https://osv.dev/vulnerability/DSA-498", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:43", "description": "[2:1.2.46-1]\n- Update to libpng 1.2.46, includes fixes for CVE-2011-2501, CVE-2011-2690,\n CVE-2011-2691, CVE-2011-2692\nResolves: #721305", "cvss3": {}, "published": "2011-07-28T00:00:00", "type": "oraclelinux", "title": "libpng security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2011-07-28T00:00:00", "id": "ELSA-2011-1105", "href": "http://linux.oracle.com/errata/ELSA-2011-1105.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:43", "description": "libpng:\n[2:1.2.7-8]\n- Remove incorrect fix for CVE-2011-2690; that bug doesn't exist in 1.2.7\nResolves: #721302\n[2:1.2.7-7]\n- Back-port fixes for CVE-2011-2690, CVE-2011-2692\n Note: CVE-2011-2691, announced at the same time, does not apply to 1.2.7;\n likewise for CVE-2011-2501\nResolves: #721302\nlibpng10:\n[1.0.16-9]\n- Remove incorrect fix for CVE-2011-2690; that bug doesn't exist in 1.0.16\nResolves: #721308\n[1.0.16-8]\n- Back-port fixes for CVE-2011-2690, CVE-2011-2692\n Note: CVE-2011-2691, announced at the same time, does not apply to 1.0.16;\n likewise for CVE-2011-2501\nResolves: #721308", "cvss3": {}, "published": "2011-07-28T00:00:00", "type": "oraclelinux", "title": "libpng security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2011-07-28T00:00:00", "id": "ELSA-2011-1103", "href": "http://linux.oracle.com/errata/ELSA-2011-1103.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:49", "description": "[2:1.2.10-7.1.el5_7.5]\n- Install the correct fix for CVE-2011-2690\nResolves: #721303\n[2:1.2.10-7.1.el5_7.4]\n- Back-port fixes for CVE-2011-2690, CVE-2011-2692\n Note: CVE-2011-2691, announced at the same time, does not apply to 1.2.10;\n likewise for CVE-2011-2501\nResolves: #721303", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "oraclelinux", "title": "libpng security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2011-08-01T00:00:00", "id": "ELSA-2011-1104", "href": "http://linux.oracle.com/errata/ELSA-2011-1104.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-05-02T16:52:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2287-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nJuly 28, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libpng\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 \nDebian Bug : #632786 #633871\n\nThe PNG library libpng has been affected by several vulnerabilities. The\nmost critical one is the identified as CVE-2011-2690. Using this \nvulnerability, an attacker is able to overwrite memory with an\narbitrary amount of data controlled by her via a crafted PNG image.\n\nThe other vulnerabilities are less critical and allow an attacker to \ncause a crash in the program (denial of service) via a crafted PNG \nimage.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin paralell with the packages for Squeeze. They will appear shortly.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.\n\nWe recommend that you upgrade your libpng packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-07-28T16:23:46", "type": "debian", "title": "[SECURITY] [DSA 2287-1] libpng security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2501", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692"], "modified": "2011-07-28T16:23:46", "id": "DEBIAN:DSA-2287-1:5F4DA", "href": "https://lists.debian.org/debian-security-announce/2011/msg00161.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T14:53:31", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 498-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 30th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libpng, libpng3\nVulnerability : out of bound access\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2004-0421\n\nSteve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.\n\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably restarted after an upgrade:\n\n apt-cache showpkg libpng2\n apt-cache showpkg libpng3\n\nThe following security matrix explains which package versions will\ncontain a correction.\n\nPackage stable (woody) unstable (sid)\nlibpng 1.0.12-3.woody.5 1.0.15-5\nlibpng3 1.2.1-1.1.woody.5 1.2.5.0-6\n\nWe recommend that you upgrade your libpng and related packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.dsc\n Size/MD5 checksum: 579 bb372469c10598bdab815584a793012e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.diff.gz\n Size/MD5 checksum: 8544 eb859ba53f11527e17f9ee6f841dea51\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz\n Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.dsc\n Size/MD5 checksum: 582 474b8919fcd3913c2c0e269a4341cacb\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.diff.gz\n Size/MD5 checksum: 8948 ec0d3a12f3fff3b54e0473832e8b4264\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz\n Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_alpha.deb\n Size/MD5 checksum: 129804 ba59e28e96642d247c49dec5b490df90\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_alpha.deb\n Size/MD5 checksum: 270048 5a0c90a374ec854b5245db92c64e18c0\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_alpha.deb\n Size/MD5 checksum: 276140 2a1277e1e48c0b04c09d1d6907458bb6\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_alpha.deb\n Size/MD5 checksum: 133120 e5aae07a6504392c3af924f0516594a5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_arm.deb\n Size/MD5 checksum: 108432 ccde2f056e0573decab54dc9b5863a03\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_arm.deb\n Size/MD5 checksum: 241164 37f7b9a7e70f8ada93ef4144f3a7b112\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_arm.deb\n Size/MD5 checksum: 247362 9a03e85528176935ee656412d1d39f5c\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_arm.deb\n Size/MD5 checksum: 111638 61a50fb248af723cd7e7a8359531335f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_i386.deb\n Size/MD5 checksum: 106928 5ebba610b5ea04e708b4b859a421e94d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_i386.deb\n Size/MD5 checksum: 227334 4faf9b8916bbc2def04b0e15f4933c24\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_i386.deb\n Size/MD5 checksum: 233082 6a38ed52250de4c76eba02aef5fcb54d\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_i386.deb\n Size/MD5 checksum: 110082 4de92f1660f871372e1fad392ef03df0\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_ia64.deb\n Size/MD5 checksum: 146464 29a93c7fb358885d31607e68b796d70d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_ia64.deb\n Size/MD5 checksum: 271462 c959b40f0e77635aaf9c24b8be1cf6bf\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_ia64.deb\n Size/MD5 checksum: 278608 1e09c2aaf8eeda61581891f6e3ffdaba\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_ia64.deb\n Size/MD5 checksum: 151148 ccbd7ac3077ea446070cde5d0717fee8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_hppa.deb\n Size/MD5 checksum: 128434 415d56bb9afd5344b2bfadf70554119b\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_hppa.deb\n Size/MD5 checksum: 262252 dc6c82d209413d8200a1828de709f040\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_hppa.deb\n Size/MD5 checksum: 269434 e20f5d2fdb4cadea4010c47e6b4ce680\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_hppa.deb\n Size/MD5 checksum: 132630 e8ddf5e195465930111de2edafe3a1cb\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_m68k.deb\n Size/MD5 checksum: 103546 912b49f931e2c46730747da0f9aaf3d4\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_m68k.deb\n Size/MD5 checksum: 220492 3b0469efbda0028f53540c636ee3707a\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_m68k.deb\n Size/MD5 checksum: 226160 bef7a94af6aef0b3ef3379496e5e6f68\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_m68k.deb\n Size/MD5 checksum: 106560 1e5ba78b848a81e90a63b803e75be1de\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mips.deb\n Size/MD5 checksum: 108554 c1e1f090aa49be62d693892b9e6681a1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mips.deb\n Size/MD5 checksum: 240312 e8e1fcacba1452118884dc3472405ff7\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mips.deb\n Size/MD5 checksum: 246804 4f4cd388a577ff7e9d7b1ea646fdc820\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mips.deb\n Size/MD5 checksum: 111908 cbff4d8f1bc4a8636bc2cdda221a8f4e\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mipsel.deb\n Size/MD5 checksum: 108436 8a0dcd7bd57c59353824b91fedcb3d1a\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mipsel.deb\n Size/MD5 checksum: 240178 204f4660f50b943e111a152a7c7a2c23\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mipsel.deb\n Size/MD5 checksum: 246732 462742addee5f47e8488698bf30c365c\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mipsel.deb\n Size/MD5 checksum: 111836 74db6d7fca696098b1470b93a9490895\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_powerpc.deb\n Size/MD5 checksum: 109962 a7fe7934ed97f30e8d7e86f21ffd5f46\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_powerpc.deb\n Size/MD5 checksum: 234432 a087736296563bb163fe7167eb157b6e\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_powerpc.deb\n Size/MD5 checksum: 240508 7ef271695467ea719eb29fe880300b9d\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_powerpc.deb\n Size/MD5 checksum: 113010 4163eb938e5f3b898debc77b700a9174\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_s390.deb\n Size/MD5 checksum: 110036 62680709ae57096ef5fe9a7c76da614d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_s390.deb\n Size/MD5 checksum: 229300 f0203f50d15d203ce70dce008e1f671d\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_s390.deb\n Size/MD5 checksum: 234926 a0c5bd8af72b5e8acdec0b4b8c286300\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_s390.deb\n Size/MD5 checksum: 113080 10c4fdf29f8cd673424341f7d53e4c4f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_sparc.deb\n Size/MD5 checksum: 109966 0b5f9a9e01934411c61ccbf5062a136c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_sparc.deb\n Size/MD5 checksum: 231840 2c2a9b0892a2188264bddf54487de82f\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_sparc.deb\n Size/MD5 checksum: 237652 913dd15af5d3fb1a5cdb88aeb3cb2715\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_sparc.deb\n Size/MD5 checksum: 113390 f55bf3b2794d8f3370fae6ef82362d88\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2004-04-30T10:31:34", "type": "debian", "title": "[SECURITY] [DSA 498-1] New libpng packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421"], "modified": "2004-04-30T10:31:34", "id": "DEBIAN:DSA-498-1:A2156", "href": "https://lists.debian.org/debian-security-announce/2004/msg00098.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-02T17:59:49", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 498-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 30th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libpng, libpng3\nVulnerability : out of bound access\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2004-0421\n\nSteve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.\n\nThis could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably restarted after an upgrade:\n\n apt-cache showpkg libpng2\n apt-cache showpkg libpng3\n\nThe following security matrix explains which package versions will\ncontain a correction.\n\nPackage stable (woody) unstable (sid)\nlibpng 1.0.12-3.woody.5 1.0.15-5\nlibpng3 1.2.1-1.1.woody.5 1.2.5.0-6\n\nWe recommend that you upgrade your libpng and related packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.dsc\n Size/MD5 checksum: 579 bb372469c10598bdab815584a793012e\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.diff.gz\n Size/MD5 checksum: 8544 eb859ba53f11527e17f9ee6f841dea51\n http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz\n Size/MD5 checksum: 481387 3329b745968e41f6f9e55a4d04a4964c\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.dsc\n Size/MD5 checksum: 582 474b8919fcd3913c2c0e269a4341cacb\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.diff.gz\n Size/MD5 checksum: 8948 ec0d3a12f3fff3b54e0473832e8b4264\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz\n Size/MD5 checksum: 493105 75a21cbfae566158a0ac6d9f39087c4d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_alpha.deb\n Size/MD5 checksum: 129804 ba59e28e96642d247c49dec5b490df90\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_alpha.deb\n Size/MD5 checksum: 270048 5a0c90a374ec854b5245db92c64e18c0\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_alpha.deb\n Size/MD5 checksum: 276140 2a1277e1e48c0b04c09d1d6907458bb6\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_alpha.deb\n Size/MD5 checksum: 133120 e5aae07a6504392c3af924f0516594a5\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_arm.deb\n Size/MD5 checksum: 108432 ccde2f056e0573decab54dc9b5863a03\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_arm.deb\n Size/MD5 checksum: 241164 37f7b9a7e70f8ada93ef4144f3a7b112\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_arm.deb\n Size/MD5 checksum: 247362 9a03e85528176935ee656412d1d39f5c\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_arm.deb\n Size/MD5 checksum: 111638 61a50fb248af723cd7e7a8359531335f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_i386.deb\n Size/MD5 checksum: 106928 5ebba610b5ea04e708b4b859a421e94d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_i386.deb\n Size/MD5 checksum: 227334 4faf9b8916bbc2def04b0e15f4933c24\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_i386.deb\n Size/MD5 checksum: 233082 6a38ed52250de4c76eba02aef5fcb54d\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_i386.deb\n Size/MD5 checksum: 110082 4de92f1660f871372e1fad392ef03df0\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_ia64.deb\n Size/MD5 checksum: 146464 29a93c7fb358885d31607e68b796d70d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_ia64.deb\n Size/MD5 checksum: 271462 c959b40f0e77635aaf9c24b8be1cf6bf\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_ia64.deb\n Size/MD5 checksum: 278608 1e09c2aaf8eeda61581891f6e3ffdaba\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_ia64.deb\n Size/MD5 checksum: 151148 ccbd7ac3077ea446070cde5d0717fee8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_hppa.deb\n Size/MD5 checksum: 128434 415d56bb9afd5344b2bfadf70554119b\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_hppa.deb\n Size/MD5 checksum: 262252 dc6c82d209413d8200a1828de709f040\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_hppa.deb\n Size/MD5 checksum: 269434 e20f5d2fdb4cadea4010c47e6b4ce680\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_hppa.deb\n Size/MD5 checksum: 132630 e8ddf5e195465930111de2edafe3a1cb\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_m68k.deb\n Size/MD5 checksum: 103546 912b49f931e2c46730747da0f9aaf3d4\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_m68k.deb\n Size/MD5 checksum: 220492 3b0469efbda0028f53540c636ee3707a\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_m68k.deb\n Size/MD5 checksum: 226160 bef7a94af6aef0b3ef3379496e5e6f68\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_m68k.deb\n Size/MD5 checksum: 106560 1e5ba78b848a81e90a63b803e75be1de\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mips.deb\n Size/MD5 checksum: 108554 c1e1f090aa49be62d693892b9e6681a1\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mips.deb\n Size/MD5 checksum: 240312 e8e1fcacba1452118884dc3472405ff7\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mips.deb\n Size/MD5 checksum: 246804 4f4cd388a577ff7e9d7b1ea646fdc820\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mips.deb\n Size/MD5 checksum: 111908 cbff4d8f1bc4a8636bc2cdda221a8f4e\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mipsel.deb\n Size/MD5 checksum: 108436 8a0dcd7bd57c59353824b91fedcb3d1a\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mipsel.deb\n Size/MD5 checksum: 240178 204f4660f50b943e111a152a7c7a2c23\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mipsel.deb\n Size/MD5 checksum: 246732 462742addee5f47e8488698bf30c365c\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mipsel.deb\n Size/MD5 checksum: 111836 74db6d7fca696098b1470b93a9490895\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_powerpc.deb\n Size/MD5 checksum: 109962 a7fe7934ed97f30e8d7e86f21ffd5f46\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_powerpc.deb\n Size/MD5 checksum: 234432 a087736296563bb163fe7167eb157b6e\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_powerpc.deb\n Size/MD5 checksum: 240508 7ef271695467ea719eb29fe880300b9d\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_powerpc.deb\n Size/MD5 checksum: 113010 4163eb938e5f3b898debc77b700a9174\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_s390.deb\n Size/MD5 checksum: 110036 62680709ae57096ef5fe9a7c76da614d\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_s390.deb\n Size/MD5 checksum: 229300 f0203f50d15d203ce70dce008e1f671d\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_s390.deb\n Size/MD5 checksum: 234926 a0c5bd8af72b5e8acdec0b4b8c286300\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_s390.deb\n Size/MD5 checksum: 113080 10c4fdf29f8cd673424341f7d53e4c4f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_sparc.deb\n Size/MD5 checksum: 109966 0b5f9a9e01934411c61ccbf5062a136c\n http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_sparc.deb\n Size/MD5 checksum: 231840 2c2a9b0892a2188264bddf54487de82f\n\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_sparc.deb\n Size/MD5 checksum: 237652 913dd15af5d3fb1a5cdb88aeb3cb2715\n http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_sparc.deb\n Size/MD5 checksum: 113390 f55bf3b2794d8f3370fae6ef82362d88\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2004-04-30T10:31:34", "type": "debian", "title": "[SECURITY] [DSA 498-1] New libpng packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0421"], "modified": "2004-04-30T10:31:34", "id": "DEBIAN:DSA-498-1:EC484", "href": "https://lists.debian.org/debian-security-announce/2004/msg00098.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "description": "Multiple vulnerabilities on PNG parsing.", "cvss3": {}, "published": "2011-07-26T00:00:00", "type": "securityvulns", "title": "libpng library multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2011-07-26T00:00:00", "id": "SECURITYVULNS:VULN:11816", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11816", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "==========================================================================\r\nUbuntu Security Notice USN-1175-1\r\nJuly 26, 2011\r\n\r\nlibpng vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nLibpng could be made to run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libpng: PNG &#40;Portable Network Graphics&#41; file library\r\n\r\nDetails:\r\n\r\nFrank Busse discovered that libpng did not properly handle certain\r\nmalformed PNG images. If a user or automated system were tricked into\r\nopening a crafted PNG file, an attacker could cause libpng to crash,\r\nresulting in a denial of service. This issue only affected Ubuntu\r\n10.04 LTS, 10.10, and 11.04. &#40;CVE-2011-2501&#41;\r\n\r\nIt was discovered that libpng did not properly handle certain malformed PNG\r\nimages. If a user or automated system were tricked into opening a crafted\r\nPNG file, an attacker could cause a denial of service or possibly execute\r\narbitrary code with the privileges of the user invoking the program.\r\n&#40;CVE-2011-2690&#41;\r\n\r\nFrank Busse discovered that libpng did not properly handle certain PNG\r\nimages with invalid sCAL chunks. If a user or automated system were tricked\r\ninto opening a crafted PNG file, an attacker could cause a denial of\r\nservice or possibly execute arbitrary code with the privileges of the user\r\ninvoking the program. &#40;CVE-2011-2692&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libpng12-0 1.2.44-1ubuntu3.1\r\n\r\nUbuntu 10.10:\r\n libpng12-0 1.2.44-1ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libpng12-0 1.2.42-1ubuntu2.2\r\n\r\nUbuntu 8.04 LTS:\r\n libpng12-0 1.2.15~beta5-3ubuntu0.4\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1175-1\r\n CVE-2011-2501, CVE-2011-2690, CVE-2011-2692\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libpng/1.2.42-1ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/libpng/1.2.15~beta5-3ubuntu0.4\r\n\r\n", "cvss3": {}, "published": "2011-07-26T00:00:00", "type": "securityvulns", "title": "[USN-1175-1] libpng vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-2501", "CVE-2011-2692", "CVE-2011-2690"], "modified": "2011-07-26T00:00:00", "id": "SECURITYVULNS:DOC:26714", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26714", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security.html http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2004.017 29-Apr-2004\r\n________________________________________________________________________\r\n\r\nPackage: png\r\nVulnerability: denial of service\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT &lt;= abiword-2.1.1-20040406 &gt;= abiword-2.1.2-20040429\r\n &lt;= analog-5.32-20040207 &gt;= analog-5.32-20040429\r\n &lt;= doxygen-1.3.6-20040212 &gt;= doxygen-1.3.6-20040429\r\n &lt;= firefox-0.8-20040210 &gt;= firefox-0.8-20040429\r\n &lt;= ghostscript-8.14-20040220 &gt;= ghostscript-8.14-20040429\r\n &lt;= kde-3.2.3-20040406 &gt;= kde-qt-3.2.3-20040429\r\n &lt;= mozilla-1.7rc1-20040423 &gt;= mozilla-1.7rc1-20040429\r\n &lt;= pdflib-5.0.3-20040212 &gt;= pdflib-5.0.3-20040429\r\n &lt;= perl-tk-5.8.4-20040422 &gt;= perl-tk-5.8.4-20040429\r\n &lt;= png-1.2.5-20040207 &gt;= png-1.2.5-20040429\r\n &lt;= qt-3.3.2-20040428 &gt;= qt-3.3.2-20040429\r\n &lt;= rrdtool-1.0.48-20040407 &gt;= rrdtool-1.0.48-20040429\r\n &lt;= tetex-2.0.2-20040207 &gt;= tetex-2.0.2-20040429\r\n &lt;= wx-2.4.2-20040425 &gt;= wx-2.4.2-20040429\r\n\r\nOpenPKG 2.0 &lt;= analog-5.32-2.0.0 &gt;= analog-5.32-2.0.1\r\n &lt;= doxygen-1.3.6-2.0.0 &gt;= doxygen-1.3.6-2.0.1\r\n &lt;= ghostscript-8.13-2.0.0 &gt;= ghostscript-8.13-2.0.1\r\n &lt;= mozilla-1.6-2.0.0 &gt;= mozilla-1.6-2.0.1\r\n &lt;= pdflib-5.0.3-2.0.0 &gt;= pdflib-5.0.3-2.0.1\r\n &lt;= perl-tk-5.8.3-2.0.0 &gt;= perl-tk-5.8.3-2.0.1\r\n &lt;= png-1.2.5-2.0.0 &gt;= png-1.2.5-2.0.1\r\n &lt;= qt-3.2.3-2.0.0 &gt;= qt-3.2.3-2.0.1\r\n &lt;= rrdtool-1.0.46-2.0.0 &gt;= rrdtool-1.0.46-2.0.1\r\n &lt;= tetex-2.0.2-2.0.0 &gt;= tetex-2.0.2-2.0.1\r\n\r\nOpenPKG 1.3 &lt;= analog-5.32-1.3.0 &gt;= analog-5.32-1.3.1\r\n &lt;= doxygen-1.3.3-1.3.0 &gt;= doxygen-1.3.3-1.3.1\r\n &lt;= ghostscript-8.10-1.3.0 &gt;= ghostscript-8.10-1.3.1\r\n &lt;= pdflib-5.0.1-1.3.0 &gt;= pdflib-5.0.1-1.3.1\r\n &lt;= perl-tk-1.3.0-1.3.0 &gt;= perl-tk-1.3.0-1.3.1\r\n &lt;= png-1.2.5-1.3.0 &gt;= png-1.2.5-1.3.1\r\n &lt;= rrdtool-1.0.45-1.3.0 &gt;= rrdtool-1.0.45-1.3.1\r\n &lt;= tetex-2.0.2-1.3.0 &gt;= tetex-2.0.2-1.3.1\r\n\r\nAffected Releases: Dependent Packages:\r\nOpenPKG CURRENT apache autotrace blender cups emacs gd gdk-pixbuf\r\n gif2png gimp gnuplot gqview graphviz gtk2\r\n imagemagick imlib latex2html lbreakout libwmf\r\n mplayer mrtg nagios netpbm perl-gd php php3 php5\r\n povray pstoedit scribus transfig webalizer wml wv\r\n xemacs xfig xine-ui xplanet xv zimg\r\n\r\nOpenPKG 2.0 apache autotrace emacs gd gdk-pixbuf ghostscript\r\n gif2png gimp gnuplot graphviz gtk2 imagemagick\r\n imlib latex2html libwmf mozilla netpbm perl-gd\r\n perl-tk php png pstoedit qt transfig webalizer wml\r\n xfig xv\r\n\r\nOpenPKG 1.3 apache autotrace emacs gd gdk-pixbuf gif2png gimp\r\n gnuplot graphviz gtk2 imagemagick imlib latex2html\r\n libwmf netpbm perl-gd php pstoedit webalizer wml xv\r\n\r\n\r\nDescription:\r\n Steve Grubb discovered that the Portable Network Graphics &#40;PNG&#41;\r\n library libpng [1] accesses memory that is out of bounds when creating\r\n an error message. Depending on machine architecture, bounds checking\r\n and other protective measures, this problem could cause the program\r\n to crash if a defective or intentionally prepared PNG image file is\r\n handled by libpng. This can even lead to a Denial of Service &#40;DoS&#41;\r\n situation. The Common Vulnerabilities and Exposures &#40;CVE&#41; project\r\n assigned the id CAN-2004-0421 [2] to the problem.\r\n\r\n Please check whether you are affected by running &quot;&lt;prefix&gt;/bin/rpm\r\n -q png&quot; &#40;and similarly for the other affected packages which have\r\n PNG included&#41;. If you have the &quot;png&quot; package &#40;or one of the others&#41;\r\n installed and its version is affected &#40;see above&#41;, we recommend that\r\n you immediately upgrade it &#40;see Solution&#41; and its dependent packages\r\n &#40;see above&#41;, if any, too [3][4].\r\n\r\nSolution:\r\n Select the updated source RPM appropriate for your OpenPKG release\r\n [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror\r\n location, verify its integrity [9], build a corresponding binary RPM\r\n from it [3] and update your OpenPKG installation by applying the\r\n binary RPM [4]. For the most recent release OpenPKG 2.0, perform the\r\n following operations to permanently fix the security problem &#40;for\r\n other releases adjust accordingly&#41;.\r\n\r\n $ ftp ftp.openpkg.org\r\n ftp&gt; bin\r\n ftp&gt; cd release/2.0/UPD\r\n ftp&gt; get png-1.2.5-2.0.1.src.rpm\r\n ftp&gt; bye\r\n $ &lt;prefix&gt;/bin/openpkg rpm -v --checksig png-1.2.5-2.0.1.src.rpm\r\n $ &lt;prefix&gt;/bin/openpkg rpm --rebuild png-1.2.5-2.0.1.src.rpm\r\n $ su -\r\n # &lt;prefix&gt;/bin/openpkg rpm -Fvh &lt;prefix&gt;/RPM/PKG/png-1.2.5-2.0.1.*.rpm\r\n\r\n Additionally, we recommend that you rebuild and reinstall\r\n all dependent packages &#40;see above&#41;, if any, too [3][4].\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [1] http://www.libpng.org/pub/png/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421\r\n [3] http://www.openpkg.org/tutorial.html#regular-source\r\n [4] http://www.openpkg.org/tutorial.html#regular-binary\r\n [5] ftp://ftp.openpkg.org/release/1.3/UPD/png-1.2.5-1.3.1.src.rpm\r\n [6] ftp://ftp.openpkg.org/release/2.0/UPD/png-1.2.5-2.0.1.src.rpm\r\n [7] ftp://ftp.openpkg.org/release/1.3/UPD/\r\n [8] ftp://ftp.openpkg.org/release/2.0/UPD/\r\n [9] http://www.openpkg.org/security.html#signature\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key &quot;OpenPKG &lt;openpkg@openpkg.org&gt;&quot; &#40;ID 63C4CB9F&#41; of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG &lt;openpkg@openpkg.org&gt;\r\n\r\niD8DBQFAkWdagHWT4GPEy58RAhUzAJ91BK7ra6vUQfzOxYR0tF6OJKD9ZACcDu9K\r\nbQeFjP+LBoyEg6ikl+zNOf4=\r\n=EMRS\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "cvss3": {}, "published": "2004-04-30T00:00:00", "type": "securityvulns", "title": "[Full-Disclosure] [OpenPKG-SA-2004.017] OpenPKG Security Advisory &#40;png&#41;", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2004-0421"], "modified": "2004-04-30T00:00:00", "id": "SECURITYVULNS:DOC:6146", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6146", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:20", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:213\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : chromium\r\n Date : November 16, 2006\r\n Affected: 2007.0, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Chromium is an OpenGL-based shoot them up game with fine graphics. It\r\n is built with a private copy of libpng, and as such could be\r\n susceptible to some of the same vulnerabilities:\r\n\r\n Buffer overflow in the png_decompress_chunk function in pngrutil.c in\r\n libpng before 1.2.12 allows context-dependent attackers to cause a\r\n denial of service and possibly execute arbitrary code via unspecified\r\n vectors related to &quot;chunk error processing,&quot; possibly involving the\r\n &quot;chunk_name&quot;. &#40;CVE-2006-3334&#41;\r\n\r\n It is questionable whether this issue is actually exploitable, but the\r\n patch to correct the issue has been included in versions &lt; 1.2.12.\r\n\r\n In addition, an patch to address several old vulnerabilities has been\r\n applied to this build. &#40;CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,\r\n CAN-2004-0598, CAN-2004-0599&#41;\r\n\r\n Packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.0:\r\n 7d7fd24f8be5c881673c11ed7fdda1d0 2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm\r\n 6175ab1df71466a69049dbda899c7c4b 2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm \r\n 4dda1bbb70cce5cb6f1112995992ee1e 2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n c2b87550ef24da183d0fe78e850080b5 2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm\r\n 91e024a81f7ff04e49f429259feaf4cd 2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm \r\n 4dda1bbb70cce5cb6f1112995992ee1e 2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 69ca9e0a4887c915bc283164b763b054 corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm\r\n 4ca444ca9edb34229f0d1449f2e4d82f corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm \r\n 5007614bdfc283a0f5bb854955606ed1 corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 96a4f2c6ba97c16d04f816656a88d674 corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm\r\n 5b229452f499143e5d1dd73420d120aa corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm \r\n 5007614bdfc283a0f5bb854955606ed1 corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2.2 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFFXMdZmqjQ0CJFipgRAn+MAKDbprCYkWVqDHH1ivaZLylt1jjxKwCeMhhY\r\n92WG8JUMC6mrEwxfMCrOhEc=\r\n=odb2\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2006-11-18T00:00:00", "type": "securityvulns", "title": "[ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2006-3334", "CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0598"], "modified": "2006-11-18T00:00:00", "id": "SECURITYVULNS:DOC:15127", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15127", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:20", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:212\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : doxygen\r\n Date : November 16, 2006\r\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Doxygen is a documentation system for C, C++ and IDL. It is built with\r\n a private copy of libpng, and as such could be susceptible to some of\r\n the same vulnerabilities:\r\n\r\n Buffer overflow in the png_decompress_chunk function in pngrutil.c in\r\n libpng before 1.2.12 allows context-dependent attackers to cause a\r\n denial of service and possibly execute arbitrary code via unspecified\r\n vectors related to &quot;chunk error processing,&quot; possibly involving the\r\n &quot;chunk_name&quot;. &#40;CVE-2006-3334&#41;\r\n\r\n It is questionable whether this issue is actually exploitable, but the\r\n patch to correct the issue has been included in versions &lt; 1.2.12.\r\n\r\n Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a\r\n typo in png_set_sPLT&#40;&#41; that may cause an application using libpng to\r\n read out of bounds, resulting in a crash. &#40;CVE-2006-5793&#41;\r\n\r\n In addition, an patch to address several old vulnerabilities has been\r\n applied to this build. &#40;CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,\r\n CAN-2004-0598, CAN-2004-0599&#41;\r\n\r\n Packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2006.0:\r\n f85fd4b73ca06136e4346df073851e5f 2006.0/i586/doxygen-1.4.4-1.1.20060mdk.i586.rpm \r\n 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2006.0/X86_64:\r\n fc3e569bd8ad2aa9aea76a6f4246cfec 2006.0/x86_64/doxygen-1.4.4-1.1.20060mdk.x86_64.rpm \r\n 0842c1496bbb02b79d5cef3386b19380 2006.0/SRPMS/doxygen-1.4.4-1.1.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2007.0:\r\n 9d0af28627560057e6c80e64bbacf030 2007.0/i586/doxygen-1.4.7-1.1mdv2007.0.i586.rpm \r\n f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n 7fca6ebbe6f07e51de7fd771678277b4 2007.0/x86_64/doxygen-1.4.7-1.1mdv2007.0.x86_64.rpm \r\n f673aab0185f79a8aa048f69b06807bf 2007.0/SRPMS/doxygen-1.4.7-1.1mdv2007.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 9452cede2d92671808eebe1adfc395ef corporate/3.0/i586/doxygen-1.3.5-2.1.C30mdk.i586.rpm \r\n 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n d988dc94c39515b3855116709bcc84de corporate/3.0/x86_64/doxygen-1.3.5-2.1.C30mdk.x86_64.rpm \r\n 9e84b6e12b77f43d123888b7ae05e5f4 corporate/3.0/SRPMS/doxygen-1.3.5-2.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n a3b4702c81d1739249d59782efb316dc corporate/4.0/i586/doxygen-1.4.4-1.1.20060mlcs4.i586.rpm \r\n 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 0568b10460c651f18fd3e2a8e76b4300 corporate/4.0/x86_64/doxygen-1.4.4-1.1.20060mlcs4.x86_64.rpm \r\n 8223a356c6cf8a790dd20b3d70533f19 corporate/4.0/SRPMS/doxygen-1.4.4-1.1.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2.2 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFFXMIpmqjQ0CJFipgRAnt1AJ9NuzEsIC9PzHE278eZAhOPHjMh8QCePD/Q\r\npK8OJ2vhx3DqZ400EPH5QMw=\r\n=R8Jo\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2006-11-18T00:00:00", "type": "securityvulns", "title": "[ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2006-5793", "CVE-2006-3334", "CVE-2002-1363", "CVE-2004-0421", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0598"], "modified": "2006-11-18T00:00:00", "id": "SECURITYVULNS:DOC:15126", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15126", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:58:44", "description": "Unauthorized access, DoS.", "cvss3": {}, "published": "2012-06-17T00:00:00", "type": "securityvulns", "title": "HP Onboard Administrator multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1473", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-1583", "CVE-2012-0053", "CVE-2012-0050", "CVE-2011-2691", "CVE-2011-3192", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12425", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03315912\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03315912\r\nVersion: 1\r\n\r\nHPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote\r\nUnauthorized Access to Data, Unauthorized Disclosure of Information Denial of\r\nService &#40;DoS&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-06-07\r\nLast Updated: 2012-06-07\r\n\r\nPotential Security Impact: Remote unauthorized access to data, unauthorized\r\ndisclosure of information, Denial of Service &#40;DoS&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Onboard\r\nAdministrator &#40;OA&#41;. The vulnerabilities could be exploited remotely resulting\r\nin unauthorized access to data, unauthorized disclosure of information, and\r\nDenial of Service &#40;DoS&#41;.\r\n\r\nReferences: CVE-2011-3192, CVE-2011-1473, CVE-2011-2691, CVE-2011-4108,\r\nCVE-2011-4576, CVE-2011-4619, CVE-2012-0050, CVE-2012-0053, CVE-2012-0884,\r\nCVE-2012-2110, CVE-2012-1583, SSRT100654, Nessus 53360\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Onboard Administrator &#40;OA&#41; up to and including v3.55\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-0053 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2012-0050 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-4619 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-4576 &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41; 5.0\r\nCVE-2011-4108 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2011-3192 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:C&#41; 7.8\r\nCVE-2011-2691 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2011-1473 &#40;AV:N/AC:M/Au:N/C:N/I:P/A:P&#41; 5.8\r\nCVE-2012-0884 &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41; 5.0\r\nCVE-2012-2110 &#40;AV:N/AC:L/Au:N/C:P/I:P/A:P&#41; 7.5\r\nCVE-2012-1583 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:C&#41; 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made Onboard Administrator &#40;OA&#41; v3.56 or subsequent available to\r\nresolve the vulnerabilities.\r\n\r\nOnboard Administrator &#40;OA&#41; v3.56 is available here:\r\n\r\nhttp://www.hp.com/swpublishing/MTX-e41b71e6cfbe471dbd029deaab\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 7 June 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk/RB94ACgkQ4B86/C0qfVlG8ACfVds+3MuA3kLohkKj3BKSsjT2\r\nIKsAn34/TSWNZNR4LqwwVbCfScPGxTjw\r\n=gxe7\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-06-17T00:00:00", "type": "securityvulns", "title": "[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service &#40;DoS&#41;", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-1473", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-1583", "CVE-2012-0053", "CVE-2012-0050", "CVE-2011-2691", "CVE-2011-3192", "CVE-2012-2110", "CVE-2012-0884"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:DOC:28164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28164", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:07", "description": "Multiple vulnerabilities in different system components.", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "securityvulns", "title": "Apple OS X multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall&#39;s debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS&#39; handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS&#39;\r\nhandling of Type 1 fonts. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork&#39;s handling\r\nof cookie policies. Safari&#39;s cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork&#39;s handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation&#39;s\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia&#39;s handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch &#40;MSVR&#41;\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the &quot;Continue&quot; button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user&#39;s behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol &#40;XMPP&#41;. jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser&#39;s password\r\nDescription: A logic error in the kernel&#39;s DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user&#39;s\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel&#39;s handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user&#39;s password data\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account&#39;s password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType&#39;s handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime&#39;s handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt &#39;j00ru&#39; Jurczyk working with TippingPoint&#39;s Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt &#39;j00ru&#39; Jurczyk working with TippingPoint&#39;s Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt &#39;j00ru&#39; Jurczyk working with TippingPoint&#39;s Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt &#39;j00ru&#39; Jurczyk working with TippingPoint&#39;s Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer&#39;s &quot;Save for Web&quot; export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime&#39;s handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint&#39;s Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime&#39;s handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint&#39;s Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime&#39;s handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint&#39;s\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime&#39;s handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint&#39;s Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime&#39;s handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt &#39;j00ru&#39; Jurczyk working with TippingPoint&#39;s Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the &#39;_unknown&#39; user from browsing the share point but not\r\nguests &#40;user &#39;nobody&#39;&#41;. This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server&#39;s resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple&#39;s Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 &#40;Darwin&#41;\r\n\r\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\r\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\r\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\r\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\r\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\r\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\r\n=gsvn\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-10-16T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-