ID OPENVAS:1361412562310869877 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'flac' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for flac FEDORA-2015-13160
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata section: when `description` is set, the script only registers its
# identity, references and prerequisites, then exits without touching the target.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.869877");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)");
# CVEs associated with this check, with the CVSS v2 base score and vector reported for it.
script_cve_id("CVE-2014-8962", "CVE-2014-9028");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
# qod_type "package": the finding rests on a package version comparison,
# not on exercising the flaw itself.
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for flac FEDORA-2015-13160");
script_tag(name:"summary", value:"The remote host is missing an update for the 'flac'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"flac on Fedora 21");
script_tag(name:"solution", value:"Please install the updated package(s).");
# Cross-references to the Fedora advisory that announced the fixed package.
script_xref(name:"FEDORA", value:"2015-13160");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: gather-package-list.nasl must run first, and the three KB keys
# below must be present (the third as a regex match on release FC21).
# NOTE(review): the key names suggest they are only set after a successful SSH
# login that collected the RPM list - confirm in gather-package-list.nasl. If
# so, a scan without working credentials never runs this check, and the absence
# of a finding must not be read as "patched".
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC21");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection section: compare the installed flac RPM against the fixed build
# named in FEDORA-2015-13160 and report when the host is still behind it.

# Release string of the target; the helper is not defined in this file
# (presumably provided by pkg-lib-rpm.inc). Nothing to check without it.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC21")
{
  # "flac~1.3.1~5.fc21" reads as name~version~release of the fixed package.
  # isrpmvuln() is expected to return report text when the installed build is
  # older than that, and NULL otherwise - its implementation is not shown here.
  res = isrpmvuln(pkg:"flac", rpm:"flac~1.3.1~5.fc21", rls:"FC21");
  if(res != NULL)
  {
    # Vulnerable build found: emit the finding with the comparison details.
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is not assigned in this file; presumably the package library
  # sets it when flac was found installed. Exit code 99 then records the host
  # as not vulnerable, as opposed to the plain exit(0) "nothing to report".
  if(__pkg_match)
    exit(99);
  exit(0);
}
{"id": "OPENVAS:1361412562310869877", "bulletinFamily": "scanner", "title": "Fedora Update for flac FEDORA-2015-13160", "description": "The remote host is missing an update for the ", "published": "2015-08-20T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "type": "openvas", "lastseen": "2019-05-29T18:36:40", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of flac", "edition": 1, "enchantments": {}, "hash": "bfe96743b823023d934ed43f5df92ee0bfe5dff54e3814eb11f50c6dba9f2076", "hashmap": [{"hash": "ee4b5a3d217d2a4603311b9865c0fc36", "key": "description"}, {"hash": "acee6edfc7b5add27a08c06075b77b9c", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5", "key": "title"}, {"hash": "fccd2a461b6e11ab67c5ff4fafca5cae", "key": "pluginID"}, {"hash": "b893f6495f0629bfca8662d680c884f3", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bfc192fd2b57fe40ac719f856d9d077b", "key": "sourceData"}, {"hash": "ed120e7c916dbd990f6afef208579aee", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a4345f22fe35bbad77a2dd37a0801df6", "key": "modified"}, {"hash": "bb1e1fb1b166e4985a28af6e70902830", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "id": "OPENVAS:1361412562310869877", "lastseen": "2017-07-02T21:11:28", "modified": "2017-05-31T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310869877", "published": "2015-08-20T00:00:00", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 6254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-31 11:04:18 +0200 (Wed, 31 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec.\nGrossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. 
The FLAC\nproject consists of the stream format, reference encoders and decoders in library\nform, flac, a command-line program to encode and decode FLAC files, metaflac, a\ncommand-line metadata editor for FLAC files and input plugins for various music\nplayers.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13160\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for flac FEDORA-2015-13160", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:28"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing an update for the ", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-18T14:35:39", 
"references": [{"idList": ["GLSA-201412-40"], "type": "gentoo"}, {"idList": ["ALAS-2015-505"], "type": "amazon"}, {"idList": ["DEBIAN:DLA-99-1:94510", "DEBIAN:DSA-3082-1:2081C"], "type": "debian"}, {"idList": ["A33ADDF6-74E6-11E4-A615-F8B156B6DCC8"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_A33ADDF674E611E4A615F8B156B6DCC8.NASL", "ALA_ALAS-2015-505.NASL", "MANDRIVA_MDVSA-2015-188.NASL", "FEDORA_2014-16175.NASL", "SUSE_11_FLAC-141201.NASL", "FEDORA_2014-16272.NASL", "FEDORA_2015-13145.NASL", "FEDORA_2015-13353.NASL", "FEDORA_2014-16258.NASL", "REDHAT-RHSA-2015-0767.NASL"], "type": "nessus"}, {"idList": ["F5:K17301056"], "type": "f5"}, {"idList": ["USN-2426-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310868760", "OPENVAS:1361412562310868653", "OPENVAS:1361412562310882152", "OPENVAS:1361412562310703082", "OPENVAS:1361412562310868564", "OPENVAS:1361412562310871349", "OPENVAS:1361412562310869872", "OPENVAS:1361412562310882157", "OPENVAS:703082", "OPENVAS:1361412562310868621"], "type": "openvas"}, {"idList": ["CVE-2014-9028", "CVE-2014-8962"], "type": "cve"}, {"idList": ["RHSA-2015:0767"], "type": "redhat"}, {"idList": ["ASA-201411-30"], "type": "archlinux"}, {"idList": ["SECURITYVULNS:VULN:14107", "SECURITYVULNS:DOC:31408", "SECURITYVULNS:DOC:31402"], "type": "securityvulns"}, {"idList": ["CESA-2015:0767"], "type": "centos"}, {"idList": ["ELSA-2015-0767"], "type": "oraclelinux"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "9693e4ec088fc6d66e22f8985d84602db15597868b8da5356e01aaae0105ee42", "hashmap": [{"hash": "a3b5eb976c101cfbc49f1a241d12a08a", "key": "sourceData"}, {"hash": "acee6edfc7b5add27a08c06075b77b9c", "key": "cvelist"}, {"hash": "1693b96dcccf4fbcd463bf8baaa2bf3f", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5", "key": "title"}, {"hash": "fccd2a461b6e11ab67c5ff4fafca5cae", "key": "pluginID"}, {"hash": "b893f6495f0629bfca8662d680c884f3", "key": "published"}, 
{"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ed120e7c916dbd990f6afef208579aee", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "4525bc09d1c4c408a417a5eb7b850972", "key": "modified"}, {"hash": "bb1e1fb1b166e4985a28af6e70902830", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "id": "OPENVAS:1361412562310869877", "lastseen": "2019-03-18T14:35:39", "modified": "2019-03-15T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310869877", "published": "2015-08-20T00:00:00", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flac'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"flac on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13160\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "Fedora Update for flac FEDORA-2015-13160", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-03-18T14:35:39"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of flac", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b2de9a3749f5307189abd58aa6212c4c7753f00f85ac8fc2bc9a17811152465f", "hashmap": [{"hash": "ee4b5a3d217d2a4603311b9865c0fc36", "key": "description"}, {"hash": "acee6edfc7b5add27a08c06075b77b9c", "key": "cvelist"}, {"hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5", "key": "title"}, {"hash": "fccd2a461b6e11ab67c5ff4fafca5cae", "key": "pluginID"}, {"hash": "b893f6495f0629bfca8662d680c884f3", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ed120e7c916dbd990f6afef208579aee", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "bb1e1fb1b166e4985a28af6e70902830", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "d532d49ab0a2b13725d15aceda7613a6", "key": "sourceData"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "id": "OPENVAS:1361412562310869877", "lastseen": "2018-08-30T19:22:39", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310869877", 
"published": "2015-08-20T00:00:00", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the 
installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec.\nGrossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC\nproject consists of the stream format, reference encoders and decoders in library\nform, flac, a command-line program to encode and decode FLAC files, metaflac, a\ncommand-line metadata editor for FLAC files and input plugins for various music\nplayers.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13160\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for flac FEDORA-2015-13160", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:22:39"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of flac", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:51:33", "references": [{"idList": ["FEDORA_2014-16270.NASL", "MANDRIVA_MDVSA-2015-188.NASL", "UBUNTU_USN-2426-1.NASL", "SUSE_11_FLAC-141201.NASL", "FEDORA_2014-16272.NASL", "FEDORA_2015-13145.NASL", "FEDORA_2015-13353.NASL", "FEDORA_2014-16258.NASL", "FEDORA_2014-16148.NASL", "DEBIAN_DSA-3082.NASL"], "type": "nessus"}, {"idList": ["GLSA-201412-40"], "type": "gentoo"}, {"idList": ["ALAS-2015-505"], "type": "amazon"}, {"idList": ["DEBIAN:DLA-99-1:94510", "DEBIAN:DSA-3082-1:2081C"], "type": "debian"}, {"idList": ["A33ADDF6-74E6-11E4-A615-F8B156B6DCC8"], "type": "freebsd"}, {"idList": ["F5:K17301056"], "type": "f5"}, {"idList": ["USN-2426-1"], "type": "ubuntu"}, {"idList": ["CVE-2014-9028", "CVE-2014-8962"], "type": "cve"}, {"idList": ["RHSA-2015:0767"], "type": "redhat"}, {"idList": ["ASA-201411-30"], "type": "archlinux"}, {"idList": ["SECURITYVULNS:VULN:14107", "SECURITYVULNS:DOC:31408", "SECURITYVULNS:DOC:31402"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310868760", "OPENVAS:1361412562310868653", "OPENVAS:1361412562310882152", "OPENVAS:1361412562310868592", "OPENVAS:1361412562310703082", "OPENVAS:1361412562310868564", "OPENVAS:1361412562310871349", "OPENVAS:1361412562310869872", "OPENVAS:703082", "OPENVAS:1361412562310868621"], "type": "openvas"}, {"idList": ["CESA-2015:0767"], "type": "centos"}, {"idList": ["ELSA-2015-0767"], "type": "oraclelinux"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "955f05686c80029edf14213a375bedf7045261cbf4e6c7ba138a85cc69137dd8", "hashmap": [{"hash": "ee4b5a3d217d2a4603311b9865c0fc36", "key": "description"}, {"hash": "acee6edfc7b5add27a08c06075b77b9c", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5", "key": "title"}, {"hash": 
"fccd2a461b6e11ab67c5ff4fafca5cae", "key": "pluginID"}, {"hash": "b893f6495f0629bfca8662d680c884f3", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ed120e7c916dbd990f6afef208579aee", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "bb1e1fb1b166e4985a28af6e70902830", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "d532d49ab0a2b13725d15aceda7613a6", "key": "sourceData"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "id": "OPENVAS:1361412562310869877", "lastseen": "2018-09-01T23:51:33", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310869877", "published": "2015-08-20T00:00:00", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec.\nGrossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. 
The FLAC\nproject consists of the stream format, reference encoders and decoders in library\nform, flac, a command-line program to encode and decode FLAC files, metaflac, a\ncommand-line metadata editor for FLAC files and input plugins for various music\nplayers.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13160\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for flac FEDORA-2015-13160", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:51:33"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-9028", "CVE-2014-8962"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of flac", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "955f05686c80029edf14213a375bedf7045261cbf4e6c7ba138a85cc69137dd8", 
"hashmap": [{"hash": "ee4b5a3d217d2a4603311b9865c0fc36", "key": "description"}, {"hash": "acee6edfc7b5add27a08c06075b77b9c", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5", "key": "title"}, {"hash": "fccd2a461b6e11ab67c5ff4fafca5cae", "key": "pluginID"}, {"hash": "b893f6495f0629bfca8662d680c884f3", "key": "published"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ed120e7c916dbd990f6afef208579aee", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "bb1e1fb1b166e4985a28af6e70902830", "key": "references"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "d532d49ab0a2b13725d15aceda7613a6", "key": "sourceData"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869877", "id": "OPENVAS:1361412562310869877", "lastseen": "2017-07-25T10:52:18", "modified": "2017-07-10T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310869877", "published": "2015-08-20T00:00:00", "references": ["2015-13160", "https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name: \"summary\", value: \"Check the version of flac\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio Codec.\nGrossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. 
The FLAC\nproject consists of the stream format, reference encoders and decoders in library\nform, flac, a command-line program to encode and decode FLAC files, metaflac, a\ncommand-line metadata editor for FLAC files and input plugins for various music\nplayers.\n\nThis package contains the command-line tools and documentation.\n\");\n script_tag(name: \"affected\", value: \"flac on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13160\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for flac FEDORA-2015-13160", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-07-25T10:52:18"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "acee6edfc7b5add27a08c06075b77b9c"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "ed120e7c916dbd990f6afef208579aee"}, {"key": "modified", "hash": 
"4525bc09d1c4c408a417a5eb7b850972"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "fccd2a461b6e11ab67c5ff4fafca5cae"}, {"key": "published", "hash": "b893f6495f0629bfca8662d680c884f3"}, {"key": "references", "hash": "bb1e1fb1b166e4985a28af6e70902830"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "a3b5eb976c101cfbc49f1a241d12a08a"}, {"key": "title", "hash": "c2b8fe7dbf4edaebfb0eed9c35f579e5"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "ccb40770dc73ce1cb833ce03af7d7c8625a9d7c66b0e5cf80b631d6efb55292a", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17301056"]}, {"type": "cve", "idList": ["CVE-2014-9028", "CVE-2014-8962"]}, {"type": "redhat", "idList": ["RHSA-2015:0767"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31408", "SECURITYVULNS:DOC:31402", "SECURITYVULNS:VULN:14107"]}, {"type": "ubuntu", "idList": ["USN-2426-1"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-99.NASL", "REDHAT-RHSA-2015-0767.NASL", "UBUNTU_USN-2426-1.NASL", "FEDORA_2015-13160.NASL", "SUSE_11_FLAC-141201.NASL", "MANDRIVA_MDVSA-2014-239.NASL", "MANDRIVA_MDVSA-2015-188.NASL", "FEDORA_2014-16258.NASL", "FEDORA_2014-16251.NASL", "DEBIAN_DSA-3082.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868588", "OPENVAS:1361412562310869872", "OPENVAS:1361412562310123145", "OPENVAS:1361412562310868592", "OPENVAS:1361412562310868621", "OPENVAS:1361412562310868760", "OPENVAS:1361412562310882152", "OPENVAS:1361412562310868653", "OPENVAS:1361412562310120372", "OPENVAS:1361412562310882157"]}, {"type": "debian", "idList": ["DEBIAN:DLA-99-1:94510", "DEBIAN:DSA-3082-1:2081C"]}, {"type": "amazon", "idList": ["ALAS-2015-505"]}, {"type": "archlinux", "idList": ["ASA-201411-30"]}, {"type": "freebsd", "idList": ["A33ADDF6-74E6-11E4-A615-F8B156B6DCC8"]}, {"type": "centos", "idList": ["CESA-2015:0767"]}, {"type": 
"oraclelinux", "idList": ["ELSA-2015-0767"]}, {"type": "gentoo", "idList": ["GLSA-201412-40"]}], "modified": "2019-05-29T18:36:40"}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-05-29T18:36:40"}, "vulnersScore": 7.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13160\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869877\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:50 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13160\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update 
for the 'flac'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"flac on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13160\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163979.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310869877", "scheme": null}
{"f5": [{"lastseen": "2017-08-03T22:23:38", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ 
ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-07-19T21:00:00", "published": "2017-07-19T21:00:00", "href": "https://support.f5.com/csp/article/K17301056", "id": "F5:K17301056", "title": "libFLAC vulnerabilities CVE-2014-8962 and CVE-2014-9028", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.", "modified": "2018-10-09T19:54:00", "id": "CVE-2014-9028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028", "published": "2014-11-26T15:59:00", "title": "CVE-2014-9028", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.", "modified": "2018-10-09T19:54:00", "id": "CVE-2014-8962", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8962", "published": "2014-11-26T15:59:00", "title": "CVE-2014-8962", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-10-24T22:35:54", "bulletinFamily": "unix", "description": "Package : flac\nVersion : 1.2.1-2+deb6u1\nCVE ID : CVE-2014-8962 CVE-2014-9028\n\nMichele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\n\nCVE-2014-8962\n\n heap-based buffer overflow in stream_decoder.c, allowing\n remote attackers to execute arbitrary code via a specially\n crafted .flac file.\n\n\nCVE-2014-9028\n\n stack-based buffer overflow in stream_decoder.c, allowing\n remote attackers to execute arbitrary code via a specially\n crafted .flac file.\n", "modified": "2014-12-05T19:00:39", "published": "2014-12-05T19:00:39", "id": "DEBIAN:DLA-99-1:94510", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00002.html", "title": "[SECURITY] [DLA 99-1] flac security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-22T02:28:07", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3082-1 security@debian.org\nhttp://www.debian.org/security/ Sebastien Delafond\nNovember 30, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : flac\nCVE ID : CVE-2014-8962 CVE-2014-9028\nDebian Bug : 770918\n\nMichele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker 
could execute arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.1-6+deb7u1.\n\nFor the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 1.3.0-3.\n\nWe recommend that you upgrade your flac packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-11-30T13:37:02", "published": "2014-11-30T13:37:02", "id": "DEBIAN:DSA-3082-1:2081C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00272.html", "title": "[SECURITY] [DSA 3082-1] flac security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868760", "title": "Fedora Update for mingw-flac FEDORA-2014-16148", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16148\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868760\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:50:12 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16148\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-flac'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-flac on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16148\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146167.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "description": "Check the version of mingw-flac", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868592", "title": "Fedora Update for mingw-flac FEDORA-2014-16251", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16251\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868592\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:03:51 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16251\");\n script_tag(name:\"summary\", value:\"Check the version of mingw-flac\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-flac on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16251\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146152.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2019-03-08T00:00:00", "published": "2015-04-02T00:00:00", "id": "OPENVAS:1361412562310882152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882152", "title": "CentOS Update for flac CESA-2015:0767 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for flac CESA-2015:0767 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882152\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-02 07:11:12 +0200 (Thu, 02 Apr 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for flac CESA-2015:0767 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of flac\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. (CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"flac on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0767\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021045.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flac-libs\", rpm:\"flac-libs~1.3.0~5.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2019-03-15T00:00:00", "published": "2014-12-21T00:00:00", "id": "OPENVAS:1361412562310868621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868621", "title": "Fedora Update for flac FEDORA-2014-16272", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2014-16272\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868621\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-21 05:57:36 +0100 (Sun, 21 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for flac FEDORA-2014-16272\");\n script_tag(name:\"summary\", value:\"Check the version of flac\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"flac on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16272\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146545.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868653", "title": "Fedora Update for flac FEDORA-2014-16175", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2014-16175\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868653\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:39:14 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for flac FEDORA-2014-16175\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flac'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"flac on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16175\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146056.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-08-15T00:00:00", "id": "OPENVAS:1361412562310869872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869872", "title": "Fedora Update for flac FEDORA-2015-13145", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flac FEDORA-2015-13145\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869872\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-15 05:04:45 +0200 (Sat, 15 Aug 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flac FEDORA-2015-13145\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flac'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"flac on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13145\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163868.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.1~5.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-0767", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123145", "title": "Oracle Linux Local Check: ELSA-2015-0767", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0767.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123145\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0767\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0767 - flac security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0767\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0767.html\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.3.0~5.el7_1\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.3.0~5.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-libs\", rpm:\"flac-libs~1.3.0~5.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.2.1~7.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.2.1~7.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "scanner", "description": "Check the version of mingw-flac", "modified": "2019-03-15T00:00:00", "published": "2014-12-14T00:00:00", "id": "OPENVAS:1361412562310868588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868588", "title": "Fedora Update for mingw-flac FEDORA-2014-16270", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-flac FEDORA-2014-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868588\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 06:03:12 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-9028\", \"CVE-2014-8962\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mingw-flac FEDORA-2014-16270\");\n script_tag(name:\"summary\", value:\"Check the version of mingw-flac\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-flac on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16270\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146154.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-flac\", rpm:\"mingw-flac~1.3.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-31T10:49:07", "bulletinFamily": "scanner", "description": "Michele Spagnuolo, of Google Security\nTeam, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library\nhandling Free Lossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.", "modified": "2017-07-14T00:00:00", "published": "2014-11-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703082", "id": "OPENVAS:703082", "title": "Debian Security Advisory DSA 3082-1 (flac - security update)", "type": "openvas", "sourceData": "###########################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3082.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 3082-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n##############################################################################\n\nif(description)\n{\n script_id(703082);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_name(\"Debian Security Advisory DSA 3082-1 (flac - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-11-30 00:00:00 +0100 (Sun, 30 Nov 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3082.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"flac on Debian Linux\");\n script_tag(name: \"insight\", value: \"FLAC stands for Free Lossless Audio\nCodec. Grossly oversimplified, FLAC is similar to MP3, but lossless. 
The FLAC\nproject consists of:\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.2.1-6+deb7u1.\n\nFor the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 1.3.0-3.\n\nWe recommend that you upgrade your flac packages.\");\n script_tag(name: \"summary\", value: \"Michele Spagnuolo, of Google Security\nTeam, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library\nhandling Free Lossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"flac\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac++-dev\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac++6\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac-dev\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac-doc\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libflac8\", ver:\"1.2.1-6+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2019-05-29T18:37:02", "bulletinFamily": "scanner", "description": "Check the version of flac", "modified": "2019-03-08T00:00:00", "published": "2015-04-02T00:00:00", "id": "OPENVAS:1361412562310882157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882157", "title": "CentOS Update for flac CESA-2015:0767 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for flac CESA-2015:0767 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882157\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-02 07:12:28 +0200 (Thu, 02 Apr 2015)\");\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for flac CESA-2015:0767 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of flac\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. (CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"flac on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0767\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-March/021008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"flac\", rpm:\"flac~1.2.1~7.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flac-devel\", rpm:\"flac-devel~1.2.1~7.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:27:13", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-16258.NASL", "href": "https://www.tenable.com/plugins/nessus/79792", "published": "2014-12-07T00:00:00", "title": "Fedora 20 : flac-1.3.1-1.fc20 (2014-16258)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16258.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79792);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"FEDORA\", value:\"2014-16258\");\n\n script_name(english:\"Fedora 20 : flac-1.3.1-1.fc20 (2014-16258)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145728.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57404630\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif 
(isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"flac-1.3.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:20", "bulletinFamily": "scanner", "description": "Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-13145.NASL", "href": "https://www.tenable.com/plugins/nessus/85424", "published": "2015-08-17T00:00:00", "title": "Fedora 22 : flac-1.3.1-5.fc22 (2015-13145)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-13145.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85424);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:57:25 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2015-13145\");\n\n script_name(english:\"Fedora 22 : flac-1.3.1-5.fc22 (2015-13145)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update flac to fix security issue in xmms-flac plugin (previously an\nindependent subpackage that was out of date).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163868.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0aa58aa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"flac-1.3.1-5.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:39:16", "bulletinFamily": "scanner", "description": "Erik de Castro Lopo reports :\n\nGoogle Security Team member, Michele Spagnuolo, recently found two\npotential problems in the FLAC code base. They are :\n\n- CVE-2014-9028: Heap buffer write overflow.\n\n- CVE-2014-8962: Heap buffer read overflow.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_A33ADDF674E611E4A615F8B156B6DCC8.NASL", "href": "https://www.tenable.com/plugins/nessus/79567", "published": "2014-11-26T00:00:00", "title": "FreeBSD : flac -- Multiple vulnerabilities (a33addf6-74e6-11e4-a615-f8b156b6dcc8)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79567);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n\n script_name(english:\"FreeBSD : flac -- Multiple vulnerabilities (a33addf6-74e6-11e4-a615-f8b156b6dcc8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik de Castro Lopo reports :\n\nGoogle Security Team member, Michele Spagnuolo, 
recently found two\npotential problems in the FLAC code base. They are :\n\n- CVE-2014-9028: Heap buffer write overflow.\n\n- CVE-2014-8962: Heap buffer read overflow.\"\n );\n # https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32a2259e\"\n );\n # https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42f6725d\"\n );\n # https://vuxml.freebsd.org/freebsd/a33addf6-74e6-11e4-a615-f8b156b6dcc8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad01562d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"flac<1.3.0_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flac<1.2.1_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:13", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-16175.NASL", "href": "https://www.tenable.com/plugins/nessus/79918", "published": "2014-12-15T00:00:00", "title": "Fedora 21 : flac-1.3.1-1.fc21 (2014-16175)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16175.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79918);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16175\");\n\n script_name(english:\"Fedora 21 : flac-1.3.1-1.fc21 (2014-16175)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146056.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4275d3be\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flac package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif 
(! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"flac-1.3.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:13", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-16251.NASL", "href": "https://www.tenable.com/plugins/nessus/79925", "published": "2014-12-15T00:00:00", "title": "Fedora 19 : mingw-flac-1.3.1-1.fc19 (2014-16251)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16251.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79925);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16251\");\n\n script_name(english:\"Fedora 19 : mingw-flac-1.3.1-1.fc19 (2014-16251)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10eeba71\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-flac package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mingw-flac-1.3.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:13", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-16148.NASL", "href": "https://www.tenable.com/plugins/nessus/79916", "published": "2014-12-15T00:00:00", "title": "Fedora 21 : mingw-flac-1.3.1-1.fc21 (2014-16148)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16148.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79916);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:29 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_xref(name:\"FEDORA\", value:\"2014-16148\");\n\n script_name(english:\"Fedora 21 : mingw-flac-1.3.1-1.fc21 (2014-16148)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9028, CVE-2014-8962\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1167741\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5886f3e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-flac package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-flac-1.3.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-flac\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:19", "bulletinFamily": "scanner", "description": "Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3082.NASL", "href": "https://www.tenable.com/plugins/nessus/79636", "published": "2014-12-01T00:00:00", "title": "Debian DSA-3082-1 : flac - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3082. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79636);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"DSA\", value:\"3082\");\n\n script_name(english:\"Debian DSA-3082-1 : flac - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/flac\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3082\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the flac packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.2.1-6+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:flac\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"flac\", reference:\"1.2.1-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libflac++-dev\", reference:\"1.2.1-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libflac++6\", reference:\"1.2.1-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libflac-dev\", reference:\"1.2.1-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libflac-doc\", reference:\"1.2.1-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libflac8\", reference:\"1.2.1-6+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:49", "bulletinFamily": "scanner", "description": "flac was updated to fix two security issues :\n\n - Stack overflow may result in arbitrary code execution.\n 
(CVE-2014-8962)\n\n - Heap overflow via specially crafted .flac files.\n (CVE-2014-9028)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_FLAC-141201.NASL", "href": "https://www.tenable.com/plugins/nessus/79761", "published": "2014-12-06T00:00:00", "title": "SuSE 11.3 Security Update : flac (SAT Patch Number 10029)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79761);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/12/06 16:28:19 $\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n\n script_name(english:\"SuSE 11.3 Security Update : flac (SAT Patch Number 10029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flac was updated to fix two security issues :\n\n - Stack overflow may result in arbitrary code execution.\n (CVE-2014-8962)\n\n - Heap overflow via specially crafted .flac files.\n (CVE-2014-9028)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=906831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=907016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8962.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9028.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10029.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libFLAC8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libFLAC++6-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libFLAC8-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libFLAC8-32bit-1.2.1-68.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:30:54", "bulletinFamily": "scanner", "description": "Michele Spagnuolo discovered that FLAC incorrectly handled certain\nmalformed audio files. An attacker could use this issue to cause FLAC\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2426-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79622", "published": "2014-11-28T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : flac vulnerabilities (USN-2426-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2426-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79622);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"USN\", value:\"2426-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : flac vulnerabilities (USN-2426-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michele Spagnuolo discovered that FLAC incorrectly handled certain\nmalformed audio files. An attacker could use this issue to cause FLAC\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2426-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libflac++6 and / or libflac8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libflac++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libflac8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libflac++6\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libflac8\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libflac++6\", pkgver:\"1.2.1-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libflac8\", pkgver:\"1.2.1-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libflac++6\", pkgver:\"1.3.0-2ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libflac8\", pkgver:\"1.3.0-2ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libflac++6\", pkgver:\"1.3.0-2ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libflac8\", pkgver:\"1.3.0-2ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libflac++6 / libflac8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:55:17", "bulletinFamily": "scanner", "description": "Updated flac packages fix security vulnerabilities :\n\nIn libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap\noverflow (CVE-2014-9028), which may result in arbitrary code\nexecution, can be triggered by passing a maliciously crafted .flac\nfile to the libFLAC decoder.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-239.NASL", "href": "https://www.tenable.com/plugins/nessus/79984", "published": "2014-12-15T00:00:00", "title": "Mandriva Linux Security Advisory : flac (MDVSA-2014:239)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:239. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79984);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2014-8962\", \"CVE-2014-9028\");\n script_bugtraq_id(71280, 71282);\n script_xref(name:\"MDVSA\", value:\"2014:239\");\n\n script_name(english:\"Mandriva Linux Security Advisory : flac (MDVSA-2014:239)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated flac packages fix security vulnerabilities :\n\nIn libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap\noverflow (CVE-2014-9028), which may result in arbitrary code\nexecution, can be triggered by passing a maliciously crafted .flac\nfile to the libFLAC decoder.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0499.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64flac-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64flac8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"flac-1.2.1-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64flac++-devel-1.2.1-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64flac++6-1.2.1-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64flac-devel-1.2.1-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64flac8-1.2.1-11.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:33", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. ([CVE-2014-9028 __](<https://access.redhat.com/security/cve/CVE-2014-9028>))\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. ([CVE-2014-8962 __](<https://access.redhat.com/security/cve/CVE-2014-8962>))\n\n \n**Affected Packages:** \n\n\nflac\n\n \n**Issue Correction:** \nRun _yum update flac_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n flac-1.2.1-7.7.amzn1.i686 \n flac-devel-1.2.1-7.7.amzn1.i686 \n flac-debuginfo-1.2.1-7.7.amzn1.i686 \n \n src: \n flac-1.2.1-7.7.amzn1.src \n \n x86_64: \n flac-devel-1.2.1-7.7.amzn1.x86_64 \n flac-1.2.1-7.7.amzn1.x86_64 \n flac-debuginfo-1.2.1-7.7.amzn1.x86_64 \n \n \n", "modified": "2015-04-15T22:16:00", "published": "2015-04-15T22:16:00", "id": "ALAS-2015-505", "href": "https://alas.aws.amazon.com/ALAS-2015-505.html", "title": "Important: flac", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "description": "The flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. 
(CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2015-03-31T04:00:00", "id": "RHSA-2015:0767", "href": "https://access.redhat.com/errata/RHSA-2015:0767", "type": "redhat", "title": "(RHSA-2015:0767) Important: flac security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n\r\nDescription:\r\n\r\nFLAC is an open source lossless audio codec supported by several software\r\nand music players.\r\n\r\nThe libFLAC project, an open source library implementing reference\r\nencoders and decoders for native FLAC and Ogg FLAC audio content,\r\nsuffers from multiple implementation issues.\r\n\r\nIn particular, a stack overflow and a heap overflow condition, which may\r\nresult in arbitrary code execution, can be triggered by passing a maliciously\r\ncrafted .flac file to the libFLAC decoder.\r\n\r\nAffected version:\r\n\r\nlibFLAC <= 1.3.0\r\n\r\nThe following packages were identified as affected as they statically\r\ninclude libFLAC in their own packages.\r\n\r\nMax <= 0.9.1\r\nCog <= 0.07\r\ncinelerra <= 4.6\r\nJUCE <= 3.1.0 (juce_audio_formats module)\r\n\r\nFixed version:\r\n\r\nlibFLAC >= 1.3.1\r\n\r\nMax N/A\r\nCog N/A\r\ncinelerra N/A\r\nJUCE N/A\r\n\r\nCredit: vulnerability report from Michele Spagnuolo of Google Security Team <mikispag AT google.com>\r\n\r\nCVE:\r\n\r\nCVE-2014-8962 (stack 
overflow)\r\nCVE-2014-9028 (heap overflow)\r\n\r\nTimeline:\r\n\r\n2014-11-12: heap overflow report received\r\n2014-11-12: contacted maintainer\r\n2014-11-14: patch provided by maintainer\r\n2014-11-17: reporter confirms patch\r\n2014-11-20: stack overflow vulnerability reported\r\n2014-11-21: assigned CVE (heap overflow)\r\n2014-11-22: contacted affected vendors\r\n2014-11-23: contacted additional affected vendors\r\n2014-11-25: advisory release\r\n\r\nReferences:\r\n\r\nhttps://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e\r\nhttps://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85\r\n\r\nPermalink:\r\n\r\nhttp://www.ocert.org/advisories/ocert-2014-008.html\r\n\r\n--\r\n Daniele Bianco Open Source Computer Security Incident Response Team\r\n <danbia@ocert.org> http://www.ocert.org\r\n\r\n GPG Key 0x9544A497\r\n GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497\r\n\r\n", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31408", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31408", "title": "[oCERT 2014-008] libFLAC multiple issues", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2426-1\r\nNovember 27, 2014\r\n\r\nflac vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nFLAC could be made to crash or run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- flac: Free Lossless Audio 
Codec\r\n\r\nDetails:\r\n\r\nMichele Spagnuolo discovered that FLAC incorrectly handled certain\r\nmalformed audio files. An attacker could use this issue to cause FLAC to\r\ncrash, resulting in a denial of service, or possibly execute arbitrary\r\ncode.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libflac++6 1.3.0-2ubuntu0.14.10.1\r\n libflac8 1.3.0-2ubuntu0.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n libflac++6 1.3.0-2ubuntu0.14.04.1\r\n libflac8 1.3.0-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libflac++6 1.2.1-6ubuntu0.1\r\n libflac8 1.2.1-6ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libflac++6 1.2.1-2ubuntu0.1\r\n libflac8 1.2.1-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2426-1\r\n CVE-2014-8962, CVE-2014-9028\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.10.1\r\n https://launchpad.net/ubuntu/+source/flac/1.3.0-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/flac/1.2.1-6ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/flac/1.2.1-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31402", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31402", "title": "[USN-2426-1] FLAC vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Buffer overflows on audio files parsing.", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:VULN:14107", 
"href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14107", "title": "flac memory corruptions", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:19", "bulletinFamily": "unix", "description": "Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.", "modified": "2014-11-27T00:00:00", "published": "2014-11-27T00:00:00", "id": "USN-2426-1", "href": "https://usn.ubuntu.com/2426-1/", "title": "FLAC vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0767\n\n\nThe flac packages contain a decoder and an encoder for the FLAC (Free\nLossless Audio Codec) audio file format.\n\nA buffer overflow flaw was found in the way flac decoded FLAC audio files.\nAn attacker could create a specially crafted FLAC audio file that could\ncause an application using the flac library to crash or execute arbitrary\ncode when the file was read. (CVE-2014-9028)\n\nA buffer over-read flaw was found in the way flac processed certain ID3v2\nmetadata. An attacker could create a specially crafted FLAC audio file that\ncould cause an application using the flac library to crash when the file\nwas read. (CVE-2014-8962)\n\nAll flac users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, all applications linked against the flac library must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021045.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-March/021008.html\n\n**Affected packages:**\nflac\nflac-devel\nflac-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0767.html", "modified": "2015-04-01T04:28:23", "published": "2015-03-31T23:41:43", "href": "http://lists.centos.org/pipermail/centos-announce/2015-March/021008.html", "id": "CESA-2015:0767", "title": "flac security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "A stack overflow and a heap overflow condition have been found in\nlibFLAC when parsing a maliciously crafted .flac file, which may result\nin arbitrary code execution.", "modified": "2014-11-26T00:00:00", "published": "2014-11-26T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html", "id": "ASA-201411-30", "title": "flac: arbitrary code execution", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "unix", "description": "\nErik de Castro Lopo reports:\n\nGoogle Security Team member, Michele Spagnuolo, recently\n\t found two potential problems in the FLAC code base. 
They are:\n\nCVE-2014-9028: Heap buffer write overflow.\nCVE-2014-8962: Heap buffer read overflow.\n\n\n", "modified": "2015-07-15T00:00:00", "published": "2014-11-25T00:00:00", "id": "A33ADDF6-74E6-11E4-A615-F8B156B6DCC8", "href": "https://vuxml.freebsd.org/freebsd/a33addf6-74e6-11e4-a615-f8b156b6dcc8.html", "title": "flac -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:41", "bulletinFamily": "unix", "description": "[1.3.0-5]\n- fix buffer overflow when processing ID3v2 metadata (CVE-2014-8962)\n- fix buffer overflow with invalid blocksize (CVE-2014-9028)", "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "ELSA-2015-0767", "href": "http://linux.oracle.com/errata/ELSA-2015-0767.html", "title": "flac security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "description": "### Background\n\nThe Free Lossless Audio Codec (FLAC) library is the reference implementation of the FLAC audio file format. \n\n### Description\n\nA stack-based buffer overflow flaw has been discovered in FLAC.\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted .flac file using an application linked against FLAC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FLAC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/flac-1.3.1-r1\"\n \n\nPackages which depend on this library may need to be recompiled. 
Tools such as revdep-rebuild may assist in identifying these packages.", "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-40", "href": "https://security.gentoo.org/glsa/201412-40", "type": "gentoo", "title": "FLAC: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2019-11-21T12:16:22", "bulletinFamily": "info", "description": "Most people think if they keep their mobile apps updated to the latest version, they also are patching for critical vulnerabilities. Not so, said researchers from [Check Point Software](<https://www.checkpoint.com/pt/>), which discovered that outdated code\u2014including known vulnerabilities\u2014is still present in hundreds of popular apps on the Google Play Store, including Facebook, Instagram, WeChat and Yahoo Browser.\n\nIn a month-long study, Check Point Research cross-examined the latest versions of these and other high-profile mobile apps for three known remote code execution (RCE) vulnerabilities dating from 2014, 2015 and 2016, Check Point security researcher Slava Makkaveev revealed in research posted online Thursday.\n\nResearchers assigned each vulnerability two signatures, then ran a static engine to examine hundreds of mobile applications in Google\u2019s Play Store to see if old, vulnerable code was present in the latest version of the application.\n\nWhat they found may surprise many: critical vulnerabilities that app makers claim have been patched still existed in the latest versions of popular mobile applications, according to Makkaveev.\n\n\u201cJust three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,\u201d he wrote. 
\u201cCan you imagine how many popular apps an attacker can target if he scans Google Play for a hundred known vulnerabilities?\u201d\n\nThe research proves that updates pushed out by app manufacturers are not a failsafe for keeping mobile devices secure from threats, according to Check Point.\n\n\u201cTheoretically, threat actors can steal and alter posts on Facebook, extract location data from Instagram and read SMS messages in WeChat,\u201d Check Point said in an email to Threatpost.\n\nThe research is more bad news for Google, which [has struggled](<https://threatpost.com/malicious-app-tallies-100-million-downloads/147748/>) with keeping [bad apps](<https://threatpost.com/google-play-malicious-apps-racked-up-335m-installs-in-september/148810/>)\u2014some [impersonating legitimate ones](<https://threatpost.com/threatlist-fake-mobile-apps-impersonating-legit-ones/149505/>)\u2014from finding their way onto Google Play. Now users have to contend with legitimate apps containing vulnerable code even if they diligently keep them up to date.\n\nThe problem lies in very old code in the form of reusable components called native libraries that are still running on mobile apps and typically can\u2019t be fixed with an update, according to Check Point.\n\nPart of Check Point\u2019s research focused on three critical vulnerabilities: a FLAC audio codec bug (CVE-2014-8962), a FFmpeg RTMP video streaming flaw (CVE-2015-8271) and a FFmpeg libavformat media handling issue (CVE-2016-3062).\n\n\u201cJust three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,\u201d researchers wrote.\n\nThis code is \u201coften derived from open-source projects or incorporate fragments of code from open-source projects,\u201d Makkaveev wrote. 
\u201cWhen a vulnerability is found and fixed in an open-source project, its maintainers typically have no control over the native libraries which may be affected by the vulnerability, nor the apps using these native libraries.\u201d\n\nIn this way, an app may keep using the outdated version of the code even years after the vulnerability is discovered and ostensibly fixed, he wrote.\n\n\u201cIt may be overstating matters a bit to declare such an app vulnerable, as its flow may never reach the affected library code, but it certainly warrants an in-depth investigation by the app maintainers,\u201d according to Makkaveev.\n\nCheck Point has informed the companies responsible for the applications that it found in its study were still vulnerable, including Google. For the time being, the security firm urges people to install an antivirus-app that monitors vulnerable apps on their mobile devices, the company said.\n", "modified": "2019-11-21T12:05:58", "published": "2019-11-21T12:05:58", "id": "THREATPOST:FAAEF5703152D189DDBD05F50F1B38CC", "href": "https://threatpost.com/popular-apps-on-google-play-store-remain-unpatched/150502/", "type": "threatpost", "title": "Popular Apps on Google Play Store Remain Unpatched", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}