ID OPENVAS:1361412562310873450 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2017-09-29T00:00:00
Description
Check the version of mpg123
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2017_172410ec92_mpg123_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $
#
# Fedora Update for mpg123 FEDORA-2017-172410ec92
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.873450");
script_version("$Revision: 7318 $");
script_tag(name:"last_modification", value:"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $");
script_tag(name:"creation_date", value:"2017-09-28 09:15:24 +0200 (Thu, 28 Sep 2017)");
script_cve_id("CVE-2017-10683", "CVE-2017-11126", "CVE-2017-9545", "CVE-2017-12797");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for mpg123 FEDORA-2017-172410ec92");
script_tag(name: "summary", value: "Check the version of mpg123");
script_tag(name: "vuldetect", value: "Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.");
script_tag(name: "insight", value: "Real time MPEG 1.0/2.0/2.5 audio player/decoder
for layers 1, 2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable
decoding and output libraries.");
script_tag(name: "affected", value: "mpg123 on Fedora 25");
script_tag(name: "solution", value: "Please Install the Updated Packages.");
script_xref(name: "FEDORA", value: "2017-172410ec92");
script_xref(name: "URL" , value: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC25")
{
if ((res = isrpmvuln(pkg:"mpg123", rpm:"mpg123~1.25.6~1.fc25", rls:"FC25")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310873450", "bulletinFamily": "scanner", "title": "Fedora Update for mpg123 FEDORA-2017-172410ec92", "description": "Check the version of mpg123", "published": "2017-09-28T00:00:00", "modified": "2017-09-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873450", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ", "2017-172410ec92"], "cvelist": ["CVE-2017-12797", "CVE-2017-9545", "CVE-2017-10683", "CVE-2017-11126"], "type": "openvas", "lastseen": "2018-09-01T23:41:43", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-12797", "CVE-2017-9545", "CVE-2017-10683", "CVE-2017-11126"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of mpg123", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d35894ca1782fe4c036c8733c5c22da49aaa29ecf99eb6cbb5652349a159dd9e", "hashmap": [{"hash": "1b80047fc25e133e710f5dd7f80138f4", "key": "published"}, {"hash": "8ae23f3f39c3488d34710424a1557159", "key": "pluginID"}, {"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a284430ed1321b9730ad1dc252286816", "key": "references"}, {"hash": "2d87df38a56cc4701b0432ecd321e813", "key": "cvelist"}, {"hash": "dd98ad34040dfeaf62cde087ce9eef2b", "key": "description"}, {"hash": "c213c21617b267c9eb9d2f48ea7211c5", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ed3b727e375b57c87b120d03c6a7a8c9", "key": "title"}, {"hash": "f39c9a1fc49d164063fd20bd132aad9b", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "a4f45435fef806a7a378042f63ee9e95", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873450", "id": "OPENVAS:1361412562310873450", "lastseen": "2018-08-30T19:19:08", "modified": "2017-09-29T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310873450", "published": "2017-09-28T00:00:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ", "2017-172410ec92"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_172410ec92_mpg123_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $\n#\n# Fedora Update for mpg123 FEDORA-2017-172410ec92\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873450\");\n script_version(\"$Revision: 7318 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:15:24 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-10683\", \"CVE-2017-11126\", \"CVE-2017-9545\", \"CVE-2017-12797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mpg123 FEDORA-2017-172410ec92\");\n script_tag(name: \"summary\", value: \"Check the version of mpg123\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Real time MPEG 1.0/2.0/2.5 audio player/decoder \nfor layers 1, 2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable \ndecoding and output libraries.\");\n script_tag(name: \"affected\", value: \"mpg123 on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-172410ec92\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mpg123\", rpm:\"mpg123~1.25.6~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mpg123 FEDORA-2017-172410ec92", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:19:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-12797", "CVE-2017-9545", "CVE-2017-10683", "CVE-2017-11126"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Check the version of mpg123", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "395b2c00e4210811fcbb6096e0f8f2fa87d8d4d0614f86e0e62417f9e9de10b7", "hashmap": [{"hash": "1b80047fc25e133e710f5dd7f80138f4", "key": "published"}, {"hash": "8ae23f3f39c3488d34710424a1557159", "key": "pluginID"}, {"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a284430ed1321b9730ad1dc252286816", "key": "references"}, {"hash": "2d87df38a56cc4701b0432ecd321e813", "key": "cvelist"}, {"hash": "dd98ad34040dfeaf62cde087ce9eef2b", "key": "description"}, {"hash": "c213c21617b267c9eb9d2f48ea7211c5", "key": "href"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "ed3b727e375b57c87b120d03c6a7a8c9", "key": "title"}, {"hash": "f39c9a1fc49d164063fd20bd132aad9b", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "a4f45435fef806a7a378042f63ee9e95", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873450", "id": "OPENVAS:1361412562310873450", "lastseen": "2017-09-29T14:19:48", "modified": "2017-09-29T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310873450", "published": "2017-09-28T00:00:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ", "2017-172410ec92"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_172410ec92_mpg123_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $\n#\n# Fedora Update for mpg123 FEDORA-2017-172410ec92\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873450\");\n script_version(\"$Revision: 7318 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:15:24 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-10683\", \"CVE-2017-11126\", \"CVE-2017-9545\", \"CVE-2017-12797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mpg123 FEDORA-2017-172410ec92\");\n script_tag(name: \"summary\", value: \"Check the version of mpg123\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Real time MPEG 1.0/2.0/2.5 audio player/decoder \nfor layers 1, 2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable \ndecoding and output libraries.\");\n script_tag(name: \"affected\", value: \"mpg123 on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-172410ec92\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mpg123\", rpm:\"mpg123~1.25.6~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "Fedora Update for mpg123 FEDORA-2017-172410ec92", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-09-29T14:19:48"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "2d87df38a56cc4701b0432ecd321e813"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "dd98ad34040dfeaf62cde087ce9eef2b"}, {"key": "href", "hash": "c213c21617b267c9eb9d2f48ea7211c5"}, {"key": "modified", "hash": "a4f45435fef806a7a378042f63ee9e95"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "8ae23f3f39c3488d34710424a1557159"}, {"key": "published", "hash": "1b80047fc25e133e710f5dd7f80138f4"}, {"key": "references", "hash": "a284430ed1321b9730ad1dc252286816"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "f39c9a1fc49d164063fd20bd132aad9b"}, {"key": "title", "hash": "ed3b727e375b57c87b120d03c6a7a8c9"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "395b2c00e4210811fcbb6096e0f8f2fa87d8d4d0614f86e0e62417f9e9de10b7", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_172410ec92_mpg123_fc25.nasl 7318 2017-09-29 05:31:27Z asteins $\n#\n# Fedora Update for mpg123 FEDORA-2017-172410ec92\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873450\");\n script_version(\"$Revision: 7318 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-29 07:31:27 +0200 (Fri, 29 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:15:24 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-10683\", \"CVE-2017-11126\", \"CVE-2017-9545\", \"CVE-2017-12797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mpg123 FEDORA-2017-172410ec92\");\n script_tag(name: \"summary\", value: \"Check the version of mpg123\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Real time MPEG 1.0/2.0/2.5 audio player/decoder \nfor layers 1, 2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable \ndecoding and output libraries.\");\n script_tag(name: \"affected\", value: \"mpg123 on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-172410ec92\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZHNBDN6LWCRTV7QEIMAIFPWWVHWIVKZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mpg123\", rpm:\"mpg123~1.25.6~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310873450"}
{"cve": [{"lastseen": "2017-08-10T10:43:46", "references": ["http://seclists.org/fulldisclosure/2017/Jul/65"], "description": "The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.", "edition": 2, "reporter": "NVD", "published": "2017-07-27T02:29:00", "title": "CVE-2017-9545", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-9545"], "scanner": [], "cpe": ["cpe:/a:mpg123:mpg123:1.24.0"], "modified": "2017-08-09T15:35:34", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9545", "id": "CVE-2017-9545", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-14T10:49:00", "references": ["https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/", "http://openwall.com/lists/oss-security/2017/07/10/4"], "description": "The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type != 2\" case, a similar issue to CVE-2017-9870.", "edition": 3, "reporter": "NVD", "published": "2017-07-09T23:29:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "CVE-2017-11126", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-11126"], "scanner": [], "cpe": ["cpe:/a:mpg123:mpg123:1.25.1"], "modified": "2017-07-13T08:56:36", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11126", "id": "CVE-2017-11126", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-06T02:16:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1465819"], "description": "In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.", "edition": 2, "reporter": "NVD", "published": "2017-06-29T19:29:00", "title": "CVE-2017-10683", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10683"], "scanner": [], "cpe": ["cpe:/a:mpg123_project:mpg123:1.25.0"], "modified": "2017-07-05T11:35:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10683", "id": "CVE-2017-10683", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-07T12:06:26", "references": ["https://sourceforge.net/p/mpg123/bugs/254/", "https://sourceforge.net/p/mpg123/mailman/message/35987663/"], "description": "Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.", "edition": 2, "reporter": "NVD", "published": "2017-08-29T11:29:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CVE-2017-12797", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-12797"], "scanner": [], "cpe": ["cpe:/a:mpg123:mpg123:1.25.4::~~~~x86~"], "modified": "2017-09-06T15:24:50", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12797", "id": "CVE-2017-12797", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:43:46", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B66YFWMEQIKVZJIZU5FOUVNGUJWNV23V", "2017-c89d94d812"], "pluginID": "1361412562310873442", "description": "Check the version of mpg123", "edition": 5, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-09-21T00:00:00", "title": "Fedora Update for mpg123 FEDORA-2017-c89d94d812", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12797", "CVE-2017-9545", "CVE-2017-10683", "CVE-2017-11126"], "modified": "2017-10-27T00:00:00", "id": "OPENVAS:1361412562310873442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873442", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_c89d94d812_mpg123_fc26.nasl 7593 2017-10-27 10:22:01Z cfischer $\n#\n# Fedora Update for mpg123 FEDORA-2017-c89d94d812\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873442\");\n script_version(\"$Revision: 7593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-27 12:22:01 +0200 (Fri, 27 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-21 07:36:51 +0200 (Thu, 21 Sep 2017)\");\n script_cve_id(\"CVE-2017-10683\", \"CVE-2017-11126\", \"CVE-2017-9545\", \"CVE-2017-12797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mpg123 FEDORA-2017-c89d94d812\");\n script_tag(name: \"summary\", value: \"Check the version of mpg123\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3 (most\ncommonly MPEG 1.0 layer 3 aka MP3), as well as re-usable decoding and output\nlibraries.\n\");\n script_tag(name: \"affected\", value: \"mpg123 on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-c89d94d812\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B66YFWMEQIKVZJIZU5FOUVNGUJWNV23V\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mpg123\", rpm:\"mpg123~1.25.6~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:43", "references": ["https://lists.debian.org/debian-lts-announce/2017/07/msg00009.html"], "pluginID": "1361412562310891017", "description": "It was discovered that there was a remote denial of service vulnerability in\nthe mpg123 audio library/player. This was caused by a heap-based buffer\nover-read in the ", "edition": 7, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-02-05T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 1017-1] mpg123 security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1017.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 1017-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891017\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2017-10683\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1017-1] mpg123 security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-05 00:00:00 +0100 (Mon, 05 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00009.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"mpg123 on Debian Linux\");\n script_tag(name:\"insight\", value:\"mpg123 is a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers\n1, 2 and 3 (MPEG 1.0 layer 3 also known as MP3).\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this issue has been fixed in mpg123 version\n1.14.4-1+deb7u2.\n\nWe recommend that you upgrade your mpg123 packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that there was a remote denial of service vulnerability in\nthe mpg123 audio library/player. This was caused by a heap-based buffer\nover-read in the 'convert_latin1' function.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libmpg123-0\", ver:\"1.14.4-1+deb7u2\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmpg123-dev\", ver:\"1.14.4-1+deb7u2\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mpg123\", ver:\"1.14.4-1+deb7u2\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:05:24", "references": ["https://packages.debian.org/source/wheezy/mpg123", "https://lists.debian.org/debian-lts-announce/2017/07/msg00009.html"], "pluginID": "101318", "description": "It was discovered that there was a remote denial of service vulnerability in the mpg123 audio library/player. This was caused by a heap-based buffer over-read in the 'convert_latin1' function.\n\nFor Debian 7 'Wheezy', this issue has been fixed in mpg123 version 1.14.4-1+deb7u2.\n\nWe recommend that you upgrade your mpg123 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2017-07-10T00:00:00", "title": "Debian DLA-1017-1 : mpg123 security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-07-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmpg123-dev", "p-cpe:/a:debian:debian_linux:mpg123", "p-cpe:/a:debian:debian_linux:libmpg123-0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1017-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101318);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/07/09 12:26:57\");\n\n script_cve_id(\"CVE-2017-10683\");\n\n script_name(english:\"Debian DLA-1017-1 : mpg123 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a remote denial of service\nvulnerability in the mpg123 audio library/player. This was caused by a\nheap-based buffer over-read in the 'convert_latin1' function.\n\nFor Debian 7 'Wheezy', this issue has been fixed in mpg123 version\n1.14.4-1+deb7u2.\n\nWe recommend that you upgrade your mpg123 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mpg123\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libmpg123-0, libmpg123-dev, and mpg123 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmpg123-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmpg123-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmpg123-0\", reference:\"1.14.4-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmpg123-dev\", reference:\"1.14.4-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mpg123\", reference:\"1.14.4-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:58", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-12794057a6"], "pluginID": "105818", "description": "Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2018-01-15T00:00:00", "title": "Fedora 27 : mpg123 (2017-12794057a6)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-02-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:mpg123"], "id": "FEDORA_2017-12794057A6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=105818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-12794057a6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105818);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/01 15:56:51 $\");\n\n script_cve_id(\"CVE-2017-10683\");\n script_xref(name:\"FEDORA\", value:\"2017-12794057a6\");\n\n script_name(english:\"Fedora 27 : mpg123 (2017-12794057a6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-12794057a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mpg123 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mpg123-1.25.6-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mpg123\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:39", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-172410ec92"], "pluginID": "103540", "description": "Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2017-09-29T00:00:00", "title": "Fedora 25 : mpg123 (2017-172410ec92)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-02-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:mpg123"], "id": "FEDORA_2017-172410EC92.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-172410ec92.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103540);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/01 15:56:51 $\");\n\n script_cve_id(\"CVE-2017-10683\");\n script_xref(name:\"FEDORA\", value:\"2017-172410ec92\");\n\n script_name(english:\"Fedora 25 : mpg123 (2017-172410ec92)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-172410ec92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mpg123 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mpg123-1.25.6-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mpg123\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:59", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1046766"], "pluginID": "103763", "description": "This update for mpg123 to version 1.25.7 fixes the following issues :\n\n - CVE-2017-10683: Improvement over previous fix for xrpnt overflow problems (boo#1046766)\n\nThe following changes are also included in version 1.25.7 :\n\n - Do not play with cursor and inverse video for progress bar when TERM=dumb\n\n - Fix parsing of host port for numerical IPv6 addresses", "edition": 5, "reporter": "Tenable", "published": "2017-10-11T00:00:00", "title": "openSUSE Security Update : mpg123 (openSUSE-2017-1139)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mpg123", "p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-devel", "p-cpe:/a:novell:opensuse:mpg123-sdl-32bit", "p-cpe:/a:novell:opensuse:mpg123-portaudio", "p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-esound-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmpg123-0", "p-cpe:/a:novell:opensuse:mpg123-openal", "p-cpe:/a:novell:opensuse:mpg123-portaudio-32bit", "p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse", "p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-esound", "p-cpe:/a:novell:opensuse:mpg123-jack-32bit", "p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo", "p-cpe:/a:novell:opensuse:libout123-0-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl", "p-cpe:/a:novell:opensuse:mpg123-devel-32bit", "p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse-32bit", "p-cpe:/a:novell:opensuse:mpg123-openal-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:mpg123-debugsource", "p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo", "p-cpe:/a:novell:opensuse:libout123-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmpg123-0-32bit", "p-cpe:/a:novell:opensuse:libout123-0-32bit", "p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-jack", "p-cpe:/a:novell:opensuse:libout123-0", "p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo"], "id": "OPENSUSE-2017-1139.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103763", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1139.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103763);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:32:51 $\");\n\n script_cve_id(\"CVE-2017-10683\");\n\n script_name(english:\"openSUSE Security Update : mpg123 (openSUSE-2017-1139)\");\n script_summary(english:\"Check for the openSUSE-2017-1139 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mpg123 to version 1.25.7 fixes the following issues :\n\n - CVE-2017-10683: Improvement over previous fix for xrpnt\n overflow problems (boo#1046766)\n\nThe following changes are also included in version 1.25.7 :\n\n - Do not play with cursor and inverse video for progress\n bar when TERM=dumb\n\n - Fix parsing of host port for numerical IPv6 addresses\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046766\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mpg123 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmpg123-0-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmpg123-0-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libout123-0-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libout123-0-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-debugsource-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-devel-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-esound-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-esound-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-jack-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-jack-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-openal-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-openal-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-portaudio-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-portaudio-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-pulse-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-pulse-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-sdl-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-sdl-debuginfo-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmpg123-0-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmpg123-0-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libout123-0-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libout123-0-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-devel-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-esound-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-esound-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-jack-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-jack-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-openal-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-openal-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-portaudio-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-portaudio-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-pulse-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-pulse-debuginfo-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-sdl-32bit-1.25.7-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-sdl-debuginfo-32bit-1.25.7-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmpg123-0 / libmpg123-0-32bit / libmpg123-0-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:17", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-c89d94d812"], "pluginID": "103366", "description": "Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2017-09-21T00:00:00", "title": "Fedora 26 : mpg123 (2017-c89d94d812)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10683"], "modified": "2018-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mpg123", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-C89D94D812.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c89d94d812.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103366);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:05 $\");\n\n script_cve_id(\"CVE-2017-10683\");\n script_xref(name:\"FEDORA\", value:\"2017-c89d94d812\");\n\n script_name(english:\"Fedora 26 : mpg123 (2017-c89d94d812)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.25.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c89d94d812\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mpg123 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mpg123-1.25.6-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mpg123\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:08", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1056999"], "pluginID": "103203", "description": "This update for mpg123 fixes the following issues :\n\n - Update to version 1.25.6\n\n - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far.\n\n - Update to version 1.25.5\n\n - Avoid another buffer read overflow in the ID3 parser on 32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999)\n\n - Update to version 1.25.4 libmpg123 :\n\n - Prevent harmless call to memcpy(NULL, NULL, 0).\n\n - More early checking of ID3v2 encoding values to avoid bogus text being stored.", "edition": 5, "reporter": "Tenable", "published": "2017-09-14T00:00:00", "title": "openSUSE Security Update : mpg123 (openSUSE-2017-1035)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12797"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mpg123", "p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-devel", "p-cpe:/a:novell:opensuse:mpg123-sdl-32bit", "p-cpe:/a:novell:opensuse:mpg123-portaudio", "p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-esound-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmpg123-0", "p-cpe:/a:novell:opensuse:mpg123-openal", "p-cpe:/a:novell:opensuse:mpg123-portaudio-32bit", "p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse", "p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-esound", "p-cpe:/a:novell:opensuse:mpg123-jack-32bit", "p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo", "p-cpe:/a:novell:opensuse:libout123-0-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl", "p-cpe:/a:novell:opensuse:mpg123-devel-32bit", "p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse-32bit", "p-cpe:/a:novell:opensuse:mpg123-openal-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:mpg123-debugsource", "p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo", "p-cpe:/a:novell:opensuse:libout123-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmpg123-0-32bit", "p-cpe:/a:novell:opensuse:libout123-0-32bit", "p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mpg123-jack", "p-cpe:/a:novell:opensuse:libout123-0", "p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo", "p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo"], "id": "OPENSUSE-2017-1035.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1035.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103203);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:15:59 $\");\n\n script_cve_id(\"CVE-2017-12797\");\n\n script_name(english:\"openSUSE Security Update : mpg123 (openSUSE-2017-1035)\");\n script_summary(english:\"Check for the openSUSE-2017-1035 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mpg123 fixes the following issues :\n\n - Update to version 1.25.6\n\n - Hotfix for bug 255: Overflow reading frame data bits in\n layer II decoding. Now, all-zero data is returned if the\n frame data is exhausted. This might have a slight impact\n on performance, but not easily measurable so far.\n\n - Update to version 1.25.5\n\n - Avoid another buffer read overflow in the ID3 parser on\n 32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999)\n\n - Update to version 1.25.4 libmpg123 :\n\n - Prevent harmless call to memcpy(NULL, NULL, 0).\n\n - More early checking of ID3v2 encoding values to avoid\n bogus text being stored.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056999\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mpg123 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmpg123-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libout123-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-esound-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-jack-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-openal-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-portaudio-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-pulse-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mpg123-sdl-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmpg123-0-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmpg123-0-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libout123-0-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libout123-0-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-debugsource-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-devel-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-esound-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-esound-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-jack-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-jack-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-openal-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-openal-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-portaudio-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-portaudio-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-pulse-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-pulse-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-sdl-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"mpg123-sdl-debuginfo-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmpg123-0-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmpg123-0-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libout123-0-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libout123-0-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-devel-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-esound-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-esound-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-jack-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-jack-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-openal-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-openal-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-portaudio-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-portaudio-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-pulse-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-pulse-debuginfo-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-sdl-32bit-1.25.6-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"mpg123-sdl-debuginfo-32bit-1.25.6-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmpg123-0 / libmpg123-0-32bit / libmpg123-0-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:03", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.14.4-1+deb7u2", "arch": "all", "packageFilename": "mpg123_1.14.4-1+deb7u2_all.deb", "packageName": "mpg123", "operator": "lt"}], "description": "Package : mpg123\nVersion : 1.14.4-1+deb7u2\nCVE ID : CVE-2017-10683\nDebian Bug : #866860\n\nIt was discovered that there was a remote denial of service vulnerability in\nthe mpg123 audio library/player. This was caused by a heap-based buffer\nover-read in the "convert_latin1" function.\n\nFor Debian 7 "Wheezy", this issue has been fixed in mpg123 version\n1.14.4-1+deb7u2.\n\nWe recommend that you upgrade your mpg123 packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 2, "reporter": "Debian", "published": "2017-07-08T08:58:32", "title": "[SECURITY] [DLA 1017-1] mpg123 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-10683"], "modified": "2017-07-08T08:58:32", "id": "DEBIAN:DLA-1017-1:73A7E", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00009.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
