ID OPENVAS:68922 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2011-041-03.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2011_041_03.nasl 6598 2017-07-07 09:36:44Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
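# Shared helper library. Nothing in this file calls into it directly
# (presumably pkg-lib-slack.inc relies on it - confirm before removing).
include("revisions-lib.inc");

# Report texts registered in the description block below.
# The advisory text names "-current" as fixed too, but the package checks in
# this script only cover releases 12.0 through 13.1.
tag_insight = "New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix security issues.";
tag_summary = "The remote host is missing an update as announced
via advisory SSA:2011-041-03.";

# Advisory lookup link. The variable keeps its original name, but the value is
# a reference, not remediation text, so it is registered as a URL xref below.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-03";

# Registration pass: when the scanner sets `description`, only the plugin
# metadata is recorded and the script exits before any check runs.
if(description)
{
  script_id(68922);
  script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $");

  # Per the NVD entries, CVE-2009-3560 and CVE-2009-3720 are libexpat buffer
  # over-reads and CVE-2010-1623 is an APR-util memory leak. All three are
  # denial-of-service issues, which matches the availability-only vector.
  script_cve_id("CVE-2009-3560", "CVE-2009-3720", "CVE-2010-1623");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_version("$Revision: 6598 $");
  script_name("Slackware Advisory SSA:2011-041-03 httpd ");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("Slackware Local Security Checks");

  # The check needs the Slackware keys in the knowledge base. They are
  # presumably written by gather-package-list.nasl after an SSH login, so the
  # script only produces a verdict in authenticated scans - confirm.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack");

  # The "solution" tag is what a report shows as the remediation, so it
  # carries the action to take. The advisory link is kept as a cross-reference
  # instead of standing in for the fix.
  script_tag(name:"solution", value:"Upgrade to the new package(s).");
  script_xref(name:"URL", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);

  # "package": the verdict rests on the installed package version string only.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}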
#
# The script code starts here
#
include("pkg-lib-slack.inc");

# Release key followed by the first fixed httpd build for that release,
# stored as consecutive pairs.
# NOTE(review): only i486 build strings are listed. How isslkpkgvuln treats
# other architectures is not visible in this file - confirm.
fixed_builds = make_list(
  "SLK12.0", "2.2.17-i486-1_slack12.0",
  "SLK12.1", "2.2.17-i486-1_slack12.1",
  "SLK12.2", "2.2.17-i486-1_slack12.2",
  "SLK13.0", "2.2.17-i486-1_slack13.0",
  "SLK13.1", "2.2.17-i486-1_slack13.1"
);

vuln = 0;

# Every pair is evaluated; the loop does not stop at the first hit.
for(idx = 0; idx < max_index(fixed_builds); idx += 2) {
  if(isslkpkgvuln(pkg:"httpd", ver:fixed_builds[idx + 1], rls:fixed_builds[idx])) {
    vuln = 1;
  }
}

if(!vuln) {
  # __pkg_match is not assigned in this file. Presumably pkg-lib-slack.inc sets
  # it when the package was found for one of the listed releases, which is
  # what makes "not vulnerable" a positive statement rather than "no data".
  if(__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  # NOTE(review): called with a bare 0 and no data text, so the finding does
  # not say which installed build was seen or which build fixes it.
  security_message(0);
}
{"href": "http://plugins.openvas.org/nasl.php?oid=68922", "history": [{"lastseen": "2017-07-02T21:10:29", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=68922", "history": [], "naslFamily": "Slackware Local Security Checks", "id": "OPENVAS:68922", "title": "Slackware Advisory SSA:2011-041-03 httpd ", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.", "published": "2012-09-11T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "4da1a6c3b420153901ea3b6e32da0fb7"}, {"key": "title", "hash": "ac091b42b2178f049db369bc0f5c9253"}, {"key": "sourceData", "hash": "9fd0ffa83f023226088b85156d265b16"}, {"key": "pluginID", "hash": "a01aacb6c33f2446dfbd1c5da3e9ef64"}, {"key": "href", "hash": "2fe2f1f34e7b34d7c91d132fe1280245"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "description", "hash": "f4c281dbd55020debaa3482bb011e741"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "naslFamily", "hash": "43a3ec56ec636b53af6d97a47899295c"}, {"key": "modified", "hash": "a5b7f0cc720ea6aaf55c2ae037a501cd"}, {"key": "published", "hash": "87fb03030704c663d43a137161fbf15b"}], "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_041_03.nasl 5977 2017-04-19 09:02:22Z teissa $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-03\";\n \nif(description)\n{\n script_id(68922);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 5977 $\");\n script_name(\"Slackware Advisory SSA:2011-041-03 httpd \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "68922", "hash": "75ca0b421f071406aa3ee123cac1f02327dd15c4cb5f78392da5e2c10fec677d", "modified": "2017-04-19T00:00:00", "edition": 1, "cvelist": ["CVE-2010-1623", "CVE-2009-3720", "CVE-2009-3560"], "lastseen": "2017-07-02T21:10:29", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": []}}], "naslFamily": "Slackware Local Security Checks", "id": "OPENVAS:68922", "reporter": "Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com", "published": "2012-09-11T00:00:00", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.", "title": "Slackware Advisory SSA:2011-041-03 httpd ", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_041_03.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-03\";\n \nif(description)\n{\n script_id(68922);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2011-041-03 httpd \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "68922", "hash": "37de4794f3e08e22fe0faa6caf0551fce393e091c1d012de4f109c2d614b0884", "references": [], "edition": 2, "cvelist": ["CVE-2010-1623", "CVE-2009-3720", "CVE-2009-3560"], "lastseen": "2017-07-24T12:50:26", "viewCount": 1, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-07-24T12:50:26"}, "dependencies": {"references": [{"type": "f5", "idList": ["SOL15905", "F5:K15905", "SOL15902"]}, {"type": "cve", "idList": ["CVE-2009-3720", "CVE-2010-1623", "CVE-2009-3560"]}, {"type": "slackware", "idList": ["SSA-2011-041-03", "SSA-2011-041-02"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2011-041-03.NASL", "APACHE_2_2_17.NASL", 
"FREEBSD_PKG_DD943FBBD0FE11DF95A800219B0FC4D8.NASL", "REDHAT-RHSA-2009-1625.NASL", "CENTOS_RHSA-2009-1625.NASL", "FEDORA_2009-12737.NASL", "SUSE_11_2_PYXML-091210.NASL", "SUSE_11_0_PYXML-091210.NASL", "SL_20091207_EXPAT_ON_SL3_X.NASL", "SUSE_11_PYXML-091211.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231068922", "OPENVAS:136141256231068152", "OPENVAS:68152", "OPENVAS:66447", "OPENVAS:880786", "OPENVAS:66468", "OPENVAS:136141256231066446", "OPENVAS:136141256231066448", "OPENVAS:136141256231066357", "OPENVAS:66357"]}, {"type": "freebsd", "idList": ["DD943FBB-D0FE-11DF-95A8-00219B0FC4D8", "18449F92-AB39-11E6-8011-005056925DB4"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1625"]}, {"type": "centos", "idList": ["CESA-2009:1625"]}, {"type": "redhat", "idList": ["RHSA-2009:1625"]}, {"type": "ubuntu", "idList": ["USN-890-3", "USN-890-4", "USN-890-5", "USN-890-2", "USN-890-1", "USN-890-6"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1977-1:4A5F0"]}, {"type": "gentoo", "idList": ["GLSA-201209-06"]}], "modified": "2017-07-24T12:50:26"}, "vulnersScore": 6.2}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "4da1a6c3b420153901ea3b6e32da0fb7"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "f4c281dbd55020debaa3482bb011e741"}, {"key": "href", "hash": "2fe2f1f34e7b34d7c91d132fe1280245"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "43a3ec56ec636b53af6d97a47899295c"}, {"key": "pluginID", "hash": "a01aacb6c33f2446dfbd1c5da3e9ef64"}, {"key": "published", "hash": "87fb03030704c663d43a137161fbf15b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "sourceData", "hash": "a033c8482bbc43053a8eed991bedd41d"}, {"key": "title", "hash": "ac091b42b2178f049db369bc0f5c9253"}, {"key": "type", "hash": 
"47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-07T00:00:00"}
{"f5": [{"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-01T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15905.html", "id": "SOL15905", "title": "SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:15", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 242353 (BIG-IP) and ID 491424 (F5 WebSafe) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H495544 on the **Diagnostics** > **Identified** > **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP ASM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Edge Gateway| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP GTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Link Controller| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| 10.1.0| 11.0.0 - 11.4.1 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WebAccelerator| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WOM| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nARX| None| 6.2.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None \nLineRate| None| 2.4.0 - 2.5.0 \n1.6.0 - 1.6.4| None \nF5 WebSafe| None| 1.0.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-17T20:01:00", "published": "2014-12-12T01:48:00", "id": "F5:K15905", "href": "https://support.f5.com/csp/article/K15905", "title": "Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you expose the management access only on trusted networks.\n\nTo mitigate this vulnerability for ARX, do not enable the API functionality.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2015-09-15T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15902.html", "id": "SOL15902", "title": "SOL15902 - Apache vulnerability CVE-2010-1623", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-08-27T04:56:45", "bulletinFamily": "NVD", "description": "Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1623", "published": "2010-10-04T21:00:00", "title": "CVE-2010-1623", "type": "cve", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-24T09:25:15", "bulletinFamily": "NVD", "description": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3720", "published": "2009-11-03T16:30:00", "title": "CVE-2009-3720", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-24T09:25:14", "bulletinFamily": "NVD", "description": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3560", "published": "2009-12-04T21:30:00", "title": "CVE-2009-3560", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068922", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068922", "title": "Slackware Advisory SSA:2011-041-03 httpd", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_041_03.nasl 14202 
2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68922\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2011-041-03 httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2|13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-03\");\n\n script_tag(name:\"insight\", value:\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-041-03.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.17-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-03T10:54:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-02T00:00:00", "published": 
"2010-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068152", "id": "OPENVAS:136141256231068152", "type": "openvas", "title": "FreeBSD Ports: apr", "sourceData": "#\n#VID dd943fbb-d0fe-11df-95a8-00219b0fc4d8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID dd943fbb-d0fe-11df-95a8-00219b0fc4d8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apr\n\nCVE-2009-3560\nThe big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,\nas used in the XML-Twig module for Perl, allows context-dependent\nattackers to cause a denial of service (application crash) via an XML\ndocument with malformed UTF-8 sequences that trigger a buffer\nover-read, related to the doProlog function in lib/xmlparse.c, a\ndifferent vulnerability than CVE-2009-2625 and CVE-2009-3720.\n\nCVE-2009-3720\nThe updatePosition function in lib/xmltok_impl.c in libexpat in Expat\n2.0.1, as used in Python, PyXML, w3c-libwww, and other software,\nallows context-dependent attackers to cause a denial of 
service\n(application crash) via an XML document with crafted UTF-8 sequences\nthat trigger a buffer over-read, a different vulnerability than\nCVE-2009-2625.\n\nCVE-2010-1623\nThe apr_brigade_split_line function in buckets/apr_brigade.c in the\nApache Portable Runtime Utility library (aka APR-util) before 1.3.10,\nas used in the mod_reqtimeout module in the Apache HTTP Server and\nother software, allows remote attackers to cause a denial of service\n(memory consumption) via unspecified vectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3\nhttp://secunia.com/advisories/41701\nhttp://www.vuxml.org/freebsd/dd943fbb-d0fe-11df-95a8-00219b0fc4d8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68152\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_bugtraq_id(43673);\n script_name(\"FreeBSD Ports: apr\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apr\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.2.1.3.10\")<0) {\n txt += 'Package apr version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=68152", "id": "OPENVAS:68152", "title": "FreeBSD Ports: apr", "type": "openvas", "sourceData": "#\n#VID dd943fbb-d0fe-11df-95a8-00219b0fc4d8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID dd943fbb-d0fe-11df-95a8-00219b0fc4d8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apr\n\nCVE-2009-3560\nThe big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,\nas used in the XML-Twig module for Perl, allows context-dependent\nattackers to cause a denial of service (application crash) via an XML\ndocument with malformed UTF-8 sequences that trigger a buffer\nover-read, related to the doProlog function in lib/xmlparse.c, a\ndifferent vulnerability than CVE-2009-2625 and CVE-2009-3720.\n\nCVE-2009-3720\nThe updatePosition function in lib/xmltok_impl.c in libexpat in Expat\n2.0.1, as used in Python, PyXML, w3c-libwww, and other software,\nallows context-dependent attackers to cause a denial of service\n(application crash) via an XML document with crafted UTF-8 sequences\nthat trigger a buffer over-read, a different vulnerability than\nCVE-2009-2625.\n\nCVE-2010-1623\nThe apr_brigade_split_line function in buckets/apr_brigade.c in the\nApache Portable Runtime Utility library (aka APR-util) before 1.3.10,\nas used in the mod_reqtimeout module in the Apache HTTP Server and\nother software, allows remote attackers to cause a denial of service\n(memory 
consumption) via unspecified vectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3\nhttp://secunia.com/advisories/41701\nhttp://www.vuxml.org/freebsd/dd943fbb-d0fe-11df-95a8-00219b0fc4d8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\n\nif(description)\n{\n script_id(68152);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_bugtraq_id(43673);\n script_name(\"FreeBSD Ports: apr\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apr\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.2.1.3.10\")<0) {\n txt += 'Package apr version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12690.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066446", "id": "OPENVAS:136141256231066446", "title": "Fedora Core 10 FEDORA-2009-12690 (expat)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12690.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12690 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA buffer over-read flaw was found in the way Expat handles malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- run the test suite\n* Fri Oct 30 2009 Joe Orton - 2.0.1-5.1\n- add security fix for CVE-2009-3720\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12690\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12690.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66446\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-12690 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12716.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66447", "id": "OPENVAS:66447", "title": "Fedora Core 11 FEDORA-2009-12716 (expat)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12716.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12716 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA buffer over-read flaw was found in the way Expat handles malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- run the test suite\n* Fri Oct 30 2009 Joe Orton - 2.0.1-6.1\n- add security fix for CVE-2009-3720\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12716\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12716.\";\n\n\n\nif(description)\n{\n script_id(66447);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12716 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc11\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12737.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066448", "id": "OPENVAS:136141256231066448", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12737 (expat)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12737.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12737 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nTwo buffer over-read flaws were found in the way Expat handled malformed UTF-8\nsequences when processing XML files. A specially-crafted XML file could cause\napplications using Expat to crash while parsing the file. (CVE-2009-3560,\nCVE-2009-3720)\n\nChangeLog:\n\n* Tue Dec 1 2009 Joe Orton - 2.0.1-8\n- add security fix for CVE-2009-3560 (#533174)\n- add security fix for CVE-2009-3720 (#531697)\n- run the test suite\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update expat' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12737\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory FEDORA-2009-12737.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66448\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12737 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=533174\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=531697\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~8.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:41", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1625.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066357", "id": "OPENVAS:136141256231066357", "title": "RedHat Security Advisory RHSA-2009:1625", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1625.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1625 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1625.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. 
A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66357\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1625\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1625.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.5~6.2\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~1.95.5~6.2\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.5~6.2\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~1.95.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~8.3.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~1.95.8~8.3.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~8.3.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "description": "Check for the Version of expat", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880786", "id": "OPENVAS:880786", "title": "CentOS Update for expat CESA-2009:1625 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2009:1625 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n Two buffer over-read flaws were found in the way Expat handled malformed\n UTF-8 sequences when processing XML files. 
A specially-crafted XML file\n could cause applications using Expat to crash while parsing the file.\n (CVE-2009-3560, CVE-2009-3720)\n \n All expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"expat on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-December/016378.html\");\n script_id(880786);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1625\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_name(\"CentOS Update for expat CESA-2009:1625 centos5 i386\");\n\n script_summary(\"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "description": "The remote host is missing updates to expat announced in\nadvisory CESA-2009:1625.", "modified": "2017-07-10T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66468", "id": "OPENVAS:66468", "title": "CentOS Security Advisory CESA-2009:1625 (expat)", "type": "openvas", "sourceData": "#CESA-2009:1625 66468 6\n# $Id: ovcesa2009_1625.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1625 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1625\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1625\nhttps://rhn.redhat.com/errata/RHSA-2009-1625.html\";\ntag_summary = \"The remote host is missing updates to expat announced in\nadvisory CESA-2009:1625.\";\n\n\n\nif(description)\n{\n script_id(66468);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1625 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.5~6.2\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.5~6.2\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~8.3.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2009-1625", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122412", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122412", "title": "Oracle Linux Local Check: ELSA-2009-1625", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1625.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122412\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:44:51 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1625\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1625 - expat security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1625\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1625.html\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~8.3.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~8.3.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:39:55", "bulletinFamily": "scanner", "description": "Secunia reports :\n\nMultiple vulnerabilities have been reported in APR-util, which can be\nexploited by malicious people to cause a DoS (Denial of Service).\n\nTwo XML parsing vulnerabilities exist in the bundled version of expat.\n\nAn error within the ", "modified": "2019-11-02T00:00:00", "id": 
"FREEBSD_PKG_DD943FBBD0FE11DF95A800219B0FC4D8.NASL", "href": "https://www.tenable.com/plugins/nessus/49770", "published": "2010-10-06T00:00:00", "title": "FreeBSD : apr -- multiple vunerabilities (dd943fbb-d0fe-11df-95a8-00219b0fc4d8)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49770);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:40\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_bugtraq_id(43673);\n script_xref(name:\"Secunia\", value:\"41701\");\n\n script_name(english:\"FreeBSD : apr -- multiple vunerabilities (dd943fbb-d0fe-11df-95a8-00219b0fc4d8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nMultiple vulnerabilities have been reported in APR-util, which can be\nexploited by malicious people to cause a DoS (Denial of Service).\n\nTwo XML parsing vulnerabilities exist in the bundled version of expat.\n\nAn error within the 'apr_brigade_split_line()' function in\nbuckets/apr_brigade.c can be exploited to cause high memory\nconsumption.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3\"\n );\n # https://vuxml.freebsd.org/freebsd/dd943fbb-d0fe-11df-95a8-00219b0fc4d8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acebb1c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apr1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apr1<1.4.2.1.3.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apr0<0.9.19.0.9.19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:14:36", "bulletinFamily": "scanner", "description": "According to its banner, the version of Apache 2.2.x running on the\nremote host is prior to 2.2.17. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Errors exist in the bundled expat library that may allow\n an attacker to crash the server when a buffer is over-\n read when parsing an XML document. 
(CVE-2009-3720 and\n CVE-2009-3560)\n\n - An error exists in the ", "modified": "2019-11-02T00:00:00", "id": "APACHE_2_2_17.NASL", "href": "https://www.tenable.com/plugins/nessus/50070", "published": "2010-10-20T00:00:00", "title": "Apache 2.2.x < 2.2.17 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50070);\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_bugtraq_id(37203, 36097, 43673);\n script_xref(name:\"Secunia\", value:\"41701\");\n\n script_name(english:\"Apache 2.2.x < 2.2.17 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may be affected by several issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.2.x running on the\nremote host is prior to 2.2.17. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Errors exist in the bundled expat library that may allow\n an attacker to crash the server when a buffer is over-\n read when parsing an XML document. (CVE-2009-3720 and\n CVE-2009-3560)\n\n - An error exists in the 'apr_brigade_split_line' \n function in the bundled APR-util library. Carefully\n timed bytes in requests result in gradual memory\n increases leading to a denial of service. \n (CVE-2010-1623)\n \nNote that the remote web server may not actually be affected by these\nvulnerabilities. 
Nessus did not try to determine whether the affected\nmodules are in use or to check for the issues themselves.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.2.17\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.17 or later. Alternatively, ensure that\nthe affected modules are not in use.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_type\", value: \"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = 
get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.2)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.2' && ver_compare(ver:version, fix:'2.2.17') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.2.17\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:10:46", "bulletinFamily": "scanner", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2011-041-03.NASL", "href": "https://www.tenable.com/plugins/nessus/51942", "published": "2011-02-11T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2011-041-03)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-041-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51942);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:21\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\");\n script_bugtraq_id(36097, 37203, 43673);\n script_xref(name:\"SSA\", value:\"2011-041-03\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2011-041-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.494329\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0cc38f15\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.17\", 
pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.17\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:30:10", "bulletinFamily": "scanner", "description": "Specially crafted XML documents could make pyxml run into an endless\nloop, therefore locking up applications using pyxml. 
(CVE-2009-3720 /\nCVE-2009-3560)", "modified": "2019-11-02T00:00:00", "id": "SUSE_PYXML-6714.NASL", "href": "https://www.tenable.com/plugins/nessus/43349", "published": "2009-12-18T00:00:00", "title": "SuSE 10 Security Update : pyxml (ZYPP Patch Number 6714)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43349);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n\n script_name(english:\"SuSE 10 Security Update : pyxml (ZYPP Patch Number 6714)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML documents could make pyxml run into an enless\nloop, therefore locking up applications using pyxml. 
(CVE-2009-3720 /\nCVE-2009-3560)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3720.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6714.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"pyxml-0.8.4-17.8.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"pyxml-0.8.4-17.8.2\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:14:15", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:1625 :\n\nUpdated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled\nmalformed UTF-8 sequences when processing XML files. A specially\ncrafted XML file could cause applications using Expat to crash while\nparsing the file. (CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2009-1625.NASL", "href": "https://www.tenable.com/plugins/nessus/67966", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : expat (ELSA-2009-1625)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1625 and \n# Oracle Linux Security Advisory ELSA-2009-1625 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67966);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_bugtraq_id(36097, 37203);\n script_xref(name:\"RHSA\", value:\"2009:1625\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : expat (ELSA-2009-1625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1625 :\n\nUpdated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled\nmalformed UTF-8 sequences when processing XML files. A specially\ncrafted XML file could cause applications using Expat to crash while\nparsing the file. 
(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001270.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001271.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-December/001272.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"expat-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"expat-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"expat-devel-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"expat-devel-1.95.5-6.2\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"expat-1.95.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"expat-devel-1.95.7-4.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"expat-1.95.8-8.3.el5_4.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"expat-devel-1.95.8-8.3.el5_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:30:10", "bulletinFamily": "scanner", "description": "Specially crafted XML documents could make pyxml run into an endless\nloop, therefore locking up applications using pyxml. 
(CVE-2009-3720 /\nCVE-2009-3560)", "modified": "2019-11-02T00:00:00", "id": "SUSE_PYXML-6715.NASL", "href": "https://www.tenable.com/plugins/nessus/49923", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : pyxml (ZYPP Patch Number 6715)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49923);\n script_version (\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n\n script_name(english:\"SuSE 10 Security Update : pyxml (ZYPP Patch Number 6715)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML documents could make pyxml run into an enless\nloop, therefore locking up applications using pyxml. 
(CVE-2009-3720 /\nCVE-2009-3560)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3720.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6715.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"pyxml-0.8.4-17.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"pyxml-0.8.4-17.9.1\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:18:05", "bulletinFamily": "scanner", "description": "Specially crafted XML documents could make pyxml run into an endless\nloop, therefore locking up applications using pyxml. (CVE-2009-3720 /\nCVE-2009-3560)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_PYXML-091211.NASL", "href": "https://www.tenable.com/plugins/nessus/43348", "published": "2009-12-18T00:00:00", "title": "SuSE 11 Security Update : pyxml (SAT Patch Number 1673)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43348);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n\n script_name(english:\"SuSE 11 Security Update : pyxml (SAT Patch Number 1673)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML documents could make pyxml run into an enless\nloop, therefore locking up applications using pyxml. 
(CVE-2009-3720 /\nCVE-2009-3560)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=550666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=561561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3720.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1673.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pyxml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"pyxml-0.8.4-194.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"pyxml-0.8.4-194.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"pyxml-0.8.4-194.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:26:40", "bulletinFamily": "scanner", "description": "A buffer over-read flaw was found in the way Expat handles malformed\nUTF-8 sequences when processing XML files. A specially crafted XML\nfile could cause applications using Expat to crash while parsing the\nfile. (CVE-2009-3560)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2009-12690.NASL", "href": "https://www.tenable.com/plugins/nessus/43012", "published": "2009-12-07T00:00:00", "title": "Fedora 10 : expat-2.0.1-8.fc10 (2009-12690)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12690.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43012);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_xref(name:\"FEDORA\", value:\"2009-12690\");\n\n script_name(english:\"Fedora 10 : expat-2.0.1-8.fc10 (2009-12690)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer over-read flaw was found in the way Expat handles malformed\nUTF-8 sequences when processing XML files. A specially crafted XML\nfile could cause applications using Expat to crash while parsing the\nfile. (CVE-2009-3560)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533174\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032179.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6f96b2a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"expat-2.0.1-8.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:17:30", "bulletinFamily": "scanner", "description": "Specially crafted XML documents could make pyxml run into an endless\nloop, therefore locking up applications using pyxml (CVE-2009-3720,\nCVE-2009-3560).", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_1_PYXML-091210.NASL", "href": "https://www.tenable.com/plugins/nessus/43346", "published": "2009-12-18T00:00:00", "title": "openSUSE Security Update : pyxml (pyxml-1670)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pyxml-1670.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43346);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n\n script_name(english:\"openSUSE Security Update : pyxml (pyxml-1670)\");\n script_summary(english:\"Check for the pyxml-1670 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host 
is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML documents could make pyxml run into an enless\nloop, therefore locking up applications using pyxml (CVE-2009-3720,\nCVE-2009-3560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=550666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=561561\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pyxml package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pyxml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = 
get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"pyxml-0.8.4-194.32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pyxml\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:15:11", "bulletinFamily": "scanner", "description": "Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled\nmalformed UTF-8 sequences when processing XML files. A specially\ncrafted XML file could cause applications using Expat to crash while\nparsing the file. (CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2009-1625.NASL", "href": "https://www.tenable.com/plugins/nessus/43031", "published": "2009-12-08T00:00:00", "title": "CentOS 3 / 4 / 5 : expat (CESA-2009:1625)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1625 and \n# CentOS Errata and Security Advisory 2009:1625 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43031);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\");\n script_bugtraq_id(36097, 37203);\n script_xref(name:\"RHSA\", value:\"2009:1625\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : expat (CESA-2009:1625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled\nmalformed UTF-8 sequences when processing XML files. A specially\ncrafted XML file could cause applications using Expat to crash while\nparsing the file. (CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016348.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8744f312\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68ed2b40\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016350.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24c09d77\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016351.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb67ae23\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016378.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?701b2631\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016379.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16f3af29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"expat-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"expat-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"expat-devel-1.95.5-6.2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"expat-devel-1.95.5-6.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"expat-1.95.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"expat-1.95.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"expat-devel-1.95.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"expat-devel-1.95.7-4.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-1.95.8-8.3.el5_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-devel-1.95.8-8.3.el5_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "unix", "description": "\nSecunia reports:\n\nMultiple vulnerabilities have been reported in APR-util, which can\n\t be exploited by malicious people to cause a 
DoS (Denial of\n\t Service).\nTwo XML parsing vulnerabilities exist in the bundled version of\n\t expat.\nAn error within the \"apr_brigade_split_line()\" function in\n\t buckets/apr_brigade.c can be exploited to cause high memory\n\t consumption.\n\n", "modified": "2010-10-20T00:00:00", "published": "2010-10-02T00:00:00", "id": "DD943FBB-D0FE-11DF-95A8-00219B0FC4D8", "href": "https://vuxml.freebsd.org/freebsd/dd943fbb-d0fe-11df-95a8-00219b0fc4d8.html", "title": "apr -- multiple vunerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:27", "bulletinFamily": "unix", "description": "\nMitre reports:\n\nThe HTBoundary_put_block function in HTBound.c for W3C libwww\n\t (w3c-libwww) allows remote servers to cause a denial of service\n\t (segmentation fault) via a crafted multipart/byteranges MIME message\n\t that triggers an out-of-bounds read.\n\n\nThe big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,\n\t as used in the XML-Twig module for Perl, allows context-dependent\n\t attackers to cause a denial of service (application crash) via an XML\n\t document with malformed UTF-8 sequences that trigger a buffer\n\t over-read, related to the doProlog function in lib/xmlparse.c, a\n\t different vulnerability than CVE-2009-2625 and CVE-2009-3720.\n\n\nThe updatePosition function in lib/xmltok_impl.c in libexpat in\n\t Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other\n\t software, allows context-dependent attackers to cause a denial of\n\t service (application crash) via an XML document with crafted UTF-8\n\t sequences that trigger a buffer over-read, a different vulnerability\n\t than CVE-2009-2625.\n\n", "modified": "2005-10-12T00:00:00", "published": "2005-10-12T00:00:00", "id": "18449F92-AB39-11E6-8011-005056925DB4", "href": "https://vuxml.freebsd.org/freebsd/18449f92-ab39-11e6-8011-005056925db4.html", "title": "libwww -- multiple vulnerabilities", "type": "freebsd", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:57", "bulletinFamily": "unix", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/httpd-2.2.17-i486-1_slack13.1.txz: Upgraded.\n This fixes some denial of service bugs in the bundled libraries.\n On Slackware we do not use the bundled expat or apr-util, so the\n issues are also fixed in those external libraries.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.17-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.17-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.17-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.17-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.17-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.17-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.17-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.17-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.17-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nbdc59e942fd61d6606bf7f0262758e51 httpd-2.2.17-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n85bb985e578788b0975358319b3ea977 httpd-2.2.17-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n7a19a060e00c65276ecb8e658d489b4e httpd-2.2.17-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\naadaffcdaefa912aba16467a9833f96c httpd-2.2.17-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\naa7ce8c4eb263827cda69bb3c4ab92b1 httpd-2.2.17-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n8e710650f302b666d7e4431a415a3e6f 
httpd-2.2.17-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8d8e71a0b5b55df0439e967a7399ff57 httpd-2.2.17-x86_64-1_slack13.1.txz\n\nSlackware -current package:\n12c3430df876a4990ceed74dc413474a httpd-2.2.17-i486-2.txz\n\nSlackware x86_64 -current package:\n82a484c9a107a965f09b0caf90173f4d httpd-2.2.17-x86_64-2.txz\n\n\nInstallation instructions:\n\nNOTE: This package will require the new expat, apr, and apr-util patches first.\n\nUpgrade the package as root:\n > upgradepkg httpd-2.2.17-i486-1_slack13.1.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2011-02-10T17:17:26", "published": "2011-02-10T17:17:26", "id": "SSA-2011-041-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.494329", "title": "httpd", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T07:37:30", "bulletinFamily": "unix", "description": "New expat packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\n13.1, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/expat-2.0.1-i486-2_slack13.1.txz: Upgraded.\n Fixed various crash and hang bugs.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/expat-1.95.8-i486-2_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/expat-2.0.1-i486-2_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/expat-2.0.1-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/expat-2.0.1-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/expat-2.0.1-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/expat-2.0.1-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/expat-2.0.1-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/expat-2.0.1-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.0.1-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.0.1-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n6806cc5db1b5b480a30faec09bdedc42 expat-1.95.8-i486-2_slack11.0.tgz\n\nSlackware 12.0 package:\n8daa986c903da220e981798ca84d97fd expat-2.0.1-i486-2_slack12.0.tgz\n\nSlackware 12.1 package:\n3f9877fc4fd482ea558a2cfb3425d6f2 expat-2.0.1-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\nad77dc2515953857edb8d5baa30ac520 expat-2.0.1-i486-2_slack12.2.tgz\n\nSlackware 13.0 
package:\n1c4f75ac842f28c5e0f0e0f648b11a5c expat-2.0.1-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n90e7fbcd52d43fa3bbf71f6381ff4760 expat-2.0.1-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\nca8d385927fe360037b2be0648700523 expat-2.0.1-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8cf581464ee9363103787c576fb32118 expat-2.0.1-x86_64-2_slack13.1.txz\n\nSlackware -current package:\na0f7f4bcdcb3841d6e0801317e64416b l/expat-2.0.1-i486-2.txz\n\nSlackware x86_64 -current package:\nef9bb2c49022676726b83cc90561c579 l/expat-2.0.1-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg expat-2.0.1-i486-2_slack13.1.txz", "modified": "2011-02-10T17:17:08", "published": "2011-02-10T17:17:08", "id": "SSA-2011-041-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026", "title": "expat", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "unix", "description": "[1.95.8-8.3.2]\n- add security fix for CVE-2009-3560 (#531710)\n[1.95.8-8.3.1]\n- add security fix for CVE-2009-3720 (#531710)", "modified": "2009-12-07T00:00:00", "published": "2009-12-07T00:00:00", "id": "ELSA-2009-1625", "href": "http://linux.oracle.com/errata/ELSA-2009-1625.html", "title": "expat security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. 
A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-12-07T05:00:00", "id": "RHSA-2009:1625", "href": "https://access.redhat.com/errata/RHSA-2009:1625", "type": "redhat", "title": "(RHSA-2009:1625) Moderate: expat security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1625\n\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nTwo buffer over-read flaws were found in the way Expat handled malformed\nUTF-8 sequences when processing XML files. A specially-crafted XML file\ncould cause applications using Expat to crash while parsing the file.\n(CVE-2009-3560, CVE-2009-3720)\n\nAll expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016348.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016349.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016350.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016351.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016378.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/016379.html\n\n**Affected packages:**\nexpat\nexpat-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1625.html", "modified": "2009-12-18T01:32:48", "published": "2009-12-07T23:34:29", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/016348.html", "id": "CESA-2009:1625", "title": "expat security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:07", "bulletinFamily": "unix", "description": "Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. 
(CVE-2009-3560)", "modified": "2010-01-20T00:00:00", "published": "2010-01-20T00:00:00", "id": "USN-890-1", "href": "https://usn.ubuntu.com/890-1/", "title": "Expat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:23:18", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-21T00:00:00", "published": "2010-01-21T00:00:00", "id": "USN-890-2", "href": "https://usn.ubuntu.com/890-2/", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:27", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. 
If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-04-15T00:00:00", "published": "2010-04-15T00:00:00", "id": "USN-890-6", "href": "https://usn.ubuntu.com/890-6/", "title": "CMake vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:05", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-22T00:00:00", "published": "2010-01-22T00:00:00", "id": "USN-890-3", "href": "https://usn.ubuntu.com/890-3/", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:20", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. 
(CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)", "modified": "2010-01-26T00:00:00", "published": "2010-01-26T00:00:00", "id": "USN-890-4", "href": "https://usn.ubuntu.com/890-4/", "title": "PyXML vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:53", "bulletinFamily": "unix", "description": "USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++.\n\nOriginal advisory details:\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)\n\nIt was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. 
(CVE-2009-3560)", "modified": "2010-02-18T00:00:00", "published": "2010-02-18T00:00:00", "id": "USN-890-5", "href": "https://usn.ubuntu.com/890-5/", "title": "XML-RPC for C and C++ vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:59", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1977-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nJanuary 25, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackages : python2.4 python2.5\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720\nDebian Bug : 493797 560912 560913\n\n\nJukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy\nin the interpreter for the Python language, does not properly process malformed or\ncrafted XML files. (CVE-2009-3560 CVE-2009-3720)\nThis vulnerability could allow an attacker to cause a denial of service while parsing\na malformed XML file.\n\nIn addition, this update fixes an integer overflow in the hashlib module in python2.5.\nThis vulnerability could allow an attacker to defeat cryptographic digests. 
(CVE-2008-2316)\nIt only affects the oldstable distribution (etch).\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze)\nshortly.\npython2.4 has been removed from the testing distribution (squeeze), and it will\nbe removed from the unstable distribution soon.\n\n\nWe recommend that you upgrade your python packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.dsc\n Size/MD5 checksum: 1313 61c8f540d768731518e649f759ad1500\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.dsc\n Size/MD5 checksum: 1210 647efe66b35aa00c2f0416e41920fdf8\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz\n Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.diff.gz\n Size/MD5 checksum: 207460 c9b1b80a1aae12db910e353dab5cd0fb\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.diff.gz\n Size/MD5 checksum: 271887 2d1944512d0eaa925a4a158b2c3a5845\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz\n Size/MD5 checksum: 11010528 2ce301134620012ad6dafb27bbcab7eb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch2_all.deb\n Size/MD5 checksum: 62226 9de6fad0cf4c106d77c4189ecf3f0fab\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch3_all.deb\n Size/MD5 checksum: 589766 e33c071f8e1864e1c5a63d2e39f21d2f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch2_all.deb\n Size/MD5 checksum: 645704 8732b224b59cd6488596117d074831f9\n http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch3_all.deb\n Size/MD5 checksum: 60154 8ac06e4c9ad4c1830ee90ece429690fe\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 2943634 e5ab4789b18f9ac953b6b101ec897616\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 6082828 772c99f5e8dc4e7c9306ba4a61837565\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 1850092 a19fd86a326d42a31ed75d1f1272d94c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 849306 6c7cfd716177bc3677729ef27cd533ff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 5248986 20d666649174384d0533b25edfbc6f03\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 2065970 6bdae572cabf8df46b207f75d2183466\n 
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 964360 1af19c98fcf6c45530245c70189b221e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_alpha.deb\n Size/MD5 checksum: 3597172 1a2766b7f3936ec996231a772b01fbcc\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 965684 d3bd2cd13ef83f7fba2d708fab3086ea\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 6434970 da2852f1c67cf014d657c4f4084e779b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 849554 6e61f418e4a10c29e0f281d33e44d461\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 3551970 c9ae94fbae38d21fe1a6beba77715845\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 5591082 e8192ae1a5cbfa164173153cb2bf717b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_amd64.deb\n Size/MD5 checksum: 1805316 331781e25b5ccb09edaf2c960baf6e5e\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 1637090 70903f2488746ddfa51f292f6700c7ff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 2939260 0785da419764687ade6bdb8f7515b2ff\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 1655380 256686aa24be93811859273d08958da7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 902370 d960fa1178cf95a08dafe3cb89558cc7\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 3442402 609d505bd9e57701e1280f2d0f068c5d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 2882624 8bf48290e767ab5fa9931601e87b5487\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 6025756 a9c9db5794d963bdc1459139c00cf24b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 1502438 56b8a358ccba6e9ccd9b8982dc60b17b\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_arm.deb\n Size/MD5 checksum: 782066 13d4b6bbe6455ceba144d052a035b149\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 5362998 4e1752318250b85a9d3c21f8208ed203\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 3485076 9101b64a6cb48cf6291fc87942b55d4d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 6008832 8b1713968b57cc2893ed0d06d8e7a846\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_i386.deb\n Size/MD5 checksum: 1678912 31d78c6b03be55424756c653239d008d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 5197092 623838e1ad458d956ce864b78604c0e7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 1514902 dc1c60d8a656276df4153811555ac799\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 2885706 fce2c69021a80786d1b1c2d83f2d7ac8\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_i386.deb\n 
Size/MD5 checksum: 785708 561f5fe2c20f9f39f49c8d70957e1f45\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 903530 59a20bf71f5e9c4875695c39c87466da\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 4038134 76dd84e871b73003d595d839e4bdabc3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 3373280 5bba36ca636edd8ba47bc74006d80480\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 1176148 6a3cc67c4c69b2e1676aeb2ca8043413\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 6070104 97b5ac1430d4c1aff35315612dea093c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 1290486 49cf2c17e9ccf5145714ee1e7cbeb654\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 2477314 e618b7295a1f8d962f0eaba38b27501c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 2271840 e38a6bb3d779759b0b154c991cca4fde\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_ia64.deb\n Size/MD5 checksum: 6967362 2f2f314f113a48f887f3d2d775680724\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 1723480 bd7bfe33b5761aa79aa2e243aa62e8a7\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 6337432 f1ce618e5140860dc0d3022f821fa1c6\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 1904704 
77f49f4a3fa95a1d3d856e7fd3e11a0a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 2875352 f9498cbfcda84e21482a7cf623785dae\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 5655674 05f07a559ae9b5bd412d6c5f9fc9f286\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 3450444 122623d3f1399c79aaeff311bb3e34dd\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mips.deb\n Size/MD5 checksum: 818604 742d631edc9ecdce640a7ffd8d0f6ef2\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 954894 5ea47afca74de332e11abcc5aa688b0a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 1896728 4df58fc3a78d290eb2e401e752eeae24\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 6342276 3a0167019bd0069d93f867e5561bd6cf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 1718110 2bcd6dd1d353e6035e3afa31cca65881\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 2864570 b1a9fb3d9606df3a7f37d3d11a14f10b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 939928 fd5fe4d4b52c6f90e9b3da52c3714faf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 817926 2e0285918fcc7f050efa3f8efd1788e0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mipsel.deb\n Size/MD5 checksum: 3456696 213be08c9bbd883a0394ba39f28e9544\n 
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 5516890 2a7b3cbaaa3fb76cc7e94859984c7785\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 5786916 e37ffa455e7bc1eb19327ff25c19376c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 6642592 f78a6568fb128e1d8ae48c654d89499f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 1813020 02f2fb5da0c0e7cba4e2c5665e88f4fb\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 2991518 d786aa3b58f5cd785ebd319671dd3acd\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 1645882 534d8cd58faa21efb25853ccca534293\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 846488 40e0e5bfc7bf7a2dc687e96b0fa9831f\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 980796 d72fc72f7346f662b903625fb37aa1cf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_powerpc.deb\n Size/MD5 checksum: 3630856 0b23afe5a9158d5fae7d7967412fb119\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 6537036 3075cff6065832ede38103d6e561cbff\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 2977350 17af373f0ccc82bcbd104c9f7084ab19\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 3615022 a7c7bb200b84e73d869e116153176d25\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 1816954 8799735a759a9ee23632b73e849cb011\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_s390.deb\n Size/MD5 checksum: 841270 41f0eef8a48bed39dc9c326ab8f34fa4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 1648348 38fea8dbdf766d07e95c0bde5b567083\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 5678022 79305cf65518300cd7003bb596c5bf6a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 975012 af2f7377a18fc4a1ad318c281cccc730\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 1588872 ccffec900733310a3ea11aacf1e0e17a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 5199220 54ffa80a0721b4ed29f3a51585f0ed8d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 2900078 b0faca3235b7692ddbd570ea5f268f43\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 6014384 b215653b90622537700a136c712e0828\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 1762044 adc4c438a5d8a29a5567e895cf131caa\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 917636 2ce661d9e384b38f77ab6bb227ed7f2e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 780110 fd9f9f81c486d6d51046ea0eae69faab\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_sparc.deb\n Size/MD5 checksum: 3531520 145f0d4c585c826fe288712198143dd0\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.diff.gz\n Size/MD5 checksum: 259402 0e938435302fecede43e1bae39fadec0\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.dsc\n Size/MD5 checksum: 1635 d834b90d21b73518ccccb726f18f05c3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.diff.gz\n Size/MD5 checksum: 227322 f71561ec858f0e70c4c4a3170b70d825\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6.orig.tar.gz\n Size/MD5 checksum: 9594954 1f81e15ea22838260d5c094d31107443\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2.orig.tar.gz\n Size/MD5 checksum: 11577883 87619e5bf07b3506fec639b7e4d86215\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.dsc\n Size/MD5 checksum: 1843 aba282dff875feff56c253b049599973\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.6-1+lenny1_all.deb\n Size/MD5 checksum: 592970 acd6acbc49867555f82a0973d3ea3634\n http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.6-1+lenny1_all.deb\n Size/MD5 checksum: 62960 3ab8888a4f25fc99665468e1b9b6a532\n http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5.2-15+lenny1_all.deb\n Size/MD5 checksum: 67614 ab990a7d6b2e5551c2d2f4142adde757\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5.2-15+lenny1_all.deb\n Size/MD5 checksum: 650540 c7f2447d4ec76295ca1ed34b042c4fcd\n\nalpha architecture (DEC Alpha)\n\n 
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 1050432 a3555e82a3a091d160243cabb623a3ec\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 2910548 51830e53b229b5cb6ebbd4d18d9f2cdd\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 2279724 4e9d740c20e2d3053706d917448d8d84\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 3004756 912a328ed9cbc0d086e733150a039264\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 1269576 90dfe865505acea89c3313892deff54d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 1819224 9af404dbfeed376e5426fbd271cd26d2\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_alpha.deb\n Size/MD5 checksum: 6696030 912c974cf9fd308214629caba35390c4\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_alpha.deb\n Size/MD5 checksum: 7759692 a7e36a5a7a24b4da165935769c757a4c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 3039300 2b9b5642900fa36a55acfac804b82595\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 2055518 a13f31e577bf717941eaa1fe7c822014\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 8068080 21cfeef43821361980ffb8e882dd8b4c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 1636016 fd6df56a5558393fd77d6a25c7e1908c\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_amd64.deb\n Size/MD5 checksum: 1287394 8a5f537e60f66b0fc6ffb9ba7232a79b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 2922170 c6e0d8454496dd77ef95eb67c8fa1fa6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 1059556 76df9392d4aaec7603360bd825d952ec\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_amd64.deb\n Size/MD5 checksum: 7007634 0f265715d8a8438b1986db8248a0e770\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 1480810 2ecf375fefba0aadc6c9072ae094f705\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 986362 99d2766a01407f95b9efa15b468cf2ae\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 6697802 2e708c97d70e1c078860f2c7ab66c4cf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_arm.deb\n Size/MD5 checksum: 2822456 b3cf69fbc7ae3088bcf67262c0e0f432\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 1205000 2a66a44ebfec6c98b2c335094b0c51df\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 1887542 c8b467dd68d1c7456509106ab3298079\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 1492458 a288cf1fa071c4fe29ab4ac772427658\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 7792122 ee1b6456605a7a1711435286d7e6df73\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_armel.deb\n Size/MD5 checksum: 2928626 a85b6da900a3e8251fa82325ea893f4d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 2835812 fc9540635bdcc297e0fccb1247310036\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 995444 071400e211bfbfdad4ecfa6c5a0f60e4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_armel.deb\n Size/MD5 checksum: 6732668 597c750f1a4a89ea80415af74d931415\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 3017194 f66327933f5e2eb35677d3f793ea8801\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 1106842 e6a617a0cc026b0c6ec46296fba43217\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 3130332 0c85f437af2a39375077950c39233dc1\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 1315812 439ff8b6fa303136f0d700be8e5e3b30\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 1761126 519e3250afed9ea0d336460876581abb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 2182678 471626860250b451545c17dc20e395f0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_hppa.deb\n Size/MD5 checksum: 8165218 0543661a55ad63a94e105d8e1d8c6e06\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_hppa.deb\n Size/MD5 checksum: 7121930 00ba160ff835ff1bac27b63e24c06dcd\n\ni386 architecture (Intel ia32)\n\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 7445210 32de30f9d05aacf490d0fca9230ce2d6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 6473440 8a63d0afe4d8a9bfb231029653386ac7\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 2840966 2857bbbf61e0d7105748d5f7d998ecc9\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 1901642 ec501a14e3e055521a32be209bfd6065\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 1500408 577f7604a1bcb169382eb2b04ffc3da4\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_i386.deb\n Size/MD5 checksum: 1001110 dc8aabc3ad985885ba6697ad9005b114\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 1204582 2e66c60a24e246e68fefab4130646f76\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_i386.deb\n Size/MD5 checksum: 2920660 82e39326a721a8a6d951d18d9a51f329\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 1376448 80fe6b180ac7e11b888b5049fb7c200a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 3347132 f0ff949c6bfbafab1b17538387529e4f\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 7726782 260d8142521faefac9886240b2ed0083\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 2725178 fed42f3c7e41715130ead410b865d64a\n 
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 8825378 0342996e5191c4991ce050c9cb75c482\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 1590804 bc9116980b071a5028da79952d5bdaec\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_ia64.deb\n Size/MD5 checksum: 3497066 f1124e07480912f3bd5f1d38e0c5b50b\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_ia64.deb\n Size/MD5 checksum: 2265086 d877a5f62399ad16d615bfe84efc6958\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 2825196 e7fdd0f860936344b1db20ec910b5a6d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 8118598 cf5f26a093da554ba2006403191dc196\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 1213396 6f37980e41c652ff5b5c7dc1481054dc\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 1017270 4e5efaf44070880e885d03ce3d8f18d1\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 2118146 46f731536d1b5ee504300666511d03d3\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 1691808 b6a26f0c8bdf22a3f94af26973c26674\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mips.deb\n Size/MD5 checksum: 2912552 06db484cfe9a64b27c79241b96bfc50a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mips.deb\n Size/MD5 checksum: 7074470 262210b781915863e28b48d524a896d4\n\nmipsel architecture (MIPS (Little 
Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 2812542 c42d3f59416e7c7f06cbcf0024016f87\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 7923970 502614937e856fae885f6803e4a8d574\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 2896108 64b764fc113477e721ecc8bab5948056\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 999792 1acf03a8c0c35d51b374cd54a1de2858\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 2107492 9047d86dfe0f239ab956dfb012516012\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 1684612 102993c227864cb2c7995b94c8e2fefa\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mipsel.deb\n Size/MD5 checksum: 6908834 6bfbb087f446a55f6d0d9119543297bf\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mipsel.deb\n Size/MD5 checksum: 1194642 f18516da63d233aa47fdeb7746bafc95\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 2986222 799ec8f7de6aecca791c647a1b11c1b6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1089018 e19ba2f01191433ce98349cbd257f7ed\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 3089072 e5b245422aa5b5a0c0291de83cece484\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 2033524 1c517d2a0332a2ee9f652fb1e55bb86a\n 
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 7354102 2187dbbc1f7c64f68cf18e5e8f42bc43\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 1301040 aab8a0928d1cec5e5898476d19ee715e\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_powerpc.deb\n Size/MD5 checksum: 1627266 c9918cec15d37f26afaee334652a9de8\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_powerpc.deb\n Size/MD5 checksum: 8430770 8a0e02c268114e7cb68f0661516285c3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 8402520 ea0e47c8576e21dd542da73ba1fde81a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 1626056 41a00b0cc87c6de55347a8db2a571615\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 2939446 14373109b13f038f25407964e3b0d703\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 3038576 d39a4da52be24fe42660b1b637a025b0\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 2036472 aa1cb9006184b83e0367838c55350ad9\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 1058012 dd7e4bbb0f382f72da55bb5936f1ef15\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_s390.deb\n Size/MD5 checksum: 1262296 3ebbcd77b1b29826a036db531615217a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_s390.deb\n Size/MD5 checksum: 7325942 3668bd0d8b076fb6e0a37ba3fe0cc8eb\n\n\n These files will probably be 
moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-01-25T22:01:37", "published": "2010-01-25T22:01:37", "id": "DEBIAN:DSA-1977-1:4A5F0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00013.html", "title": "[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}