Fix xemacs multiple image file buffer overflows and font issue
Reporter | Title | Published | Views | Family All 27 |
---|---|---|---|---|
Tenable Nessus | RHEL 4 : xemacs (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | Fedora 10 : xemacs-21.5.28-10.fc10 (2009-8997) | 4 Sep 200900:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : xemacs (xemacs-1182) | 27 Aug 200900:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : xemacs (xemacs-1182) | 27 Aug 200900:00 | – | nessus |
Tenable Nessus | openSUSE 10 Security Update : xemacs (xemacs-6412) | 6 Oct 200900:00 | – | nessus |
Tenable Nessus | GLSA-201006-15 : XEmacs: User-assisted execution of arbitrary code | 4 Jun 201000:00 | – | nessus |
Tenable Nessus | SuSE 11 Security Update : XEmacs (SAT Patch Number 1183) | 24 Sep 200900:00 | – | nessus |
Tenable Nessus | SuSE 10 Security Update : XEmacs (ZYPP Patch Number 6413) | 27 Jan 201100:00 | – | nessus |
Tenable Nessus | Fedora 11 : xemacs-21.5.29-2.fc11 (2009-8993) | 4 Sep 200900:00 | – | nessus |
Fedora | [SECURITY] Fedora 11 Update: xemacs-21.5.29-2.fc11 | 4 Sep 200904:07 | – | fedora |
Source | Link |
---|---|
bugzilla | www.bugzilla.redhat.com/show_bug.cgi |
# OpenVAS Vulnerability Test
# $Id: fcore_2009_8993.nasl 6624 2017-07-10 06:11:55Z cfischer $
# Description: Auto-generated from advisory FEDORA-2009-8993 (xemacs)
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "Update Information:
This update fixes multiple buffer overflows when reading large image files, or
maliciously created image files whose headers misrepresent the actual image
size.
The update also addresses multiple font issues, some of which cause
warnings on startup. Some warnings remain, however, unless an ISO8859-13 fonts
(e.g., terminus) is installed. Also note that some warnings remain on Rawhide
pending a resolution for bz 507637.
ChangeLog:
* Mon Aug 24 2009 Jerry James - 21.5.29-2
- Fix image overflow bug (CVE-2009-2688).
- Fix calling xft-font-create-object in non-Xft builds (#512623).
- Rebase patches to eliminate fuzz/offsets.";
tag_solution = "Apply the appropriate updates.
This update can be installed with the yum update program. Use
su -c 'yum update xemacs' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8993";
tag_summary = "The remote host is missing an update to xemacs
announced via advisory FEDORA-2009-8993.";
if(description)
{
script_id(64817);
script_version("$Revision: 6624 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-09-09 02:15:49 +0200 (Wed, 09 Sep 2009)");
script_cve_id("CVE-2009-2688");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Fedora Core 11 FEDORA-2009-8993 (xemacs)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "https://bugzilla.redhat.com/show_bug.cgi?id=511994");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"xemacs", rpm:"xemacs~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-common", rpm:"xemacs-common~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-devel", rpm:"xemacs-devel~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-el", rpm:"xemacs-el~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-nox", rpm:"xemacs-nox~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-debuginfo", rpm:"xemacs-debuginfo~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"xemacs-info", rpm:"xemacs-info~21.5.29~2.fc11", rls:"FC11")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo