Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)
2010-03-12T00:00:00
ID OPENVAS:830947 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-21T00:00:00
Description
Check for the Version of mmc-wizard
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Revert third party integration for now as some issues were discovered.
Update:
The mmc-wizard-1.0-13.10mdvmes5 update packages brought new
unresolved dependencies which prevented it from installing using
MandrivaUpdate. This advisory resolves this problem by providing the
missing packages.";
tag_affected = "mmc-wizard on Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-03/msg00019.php");
script_id(830947);
script_version("$Revision: 8205 $");
script_cve_id("CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195",
"CVE-2009-1284", "CVE-2009-3608", "CVE-2010-0827", "CVE-2010-0829",
"CVE-2010-0739", "CVE-2010-1440");
script_tag(name:"last_modification", value:"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "MDVA", value: "2010:096-1");
script_name("Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)");
script_tag(name: "summary" , value: "Check for the Version of mmc-wizard");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_mes5")
{
if ((res = isrpmvuln(pkg:"libcap2", rpm:"libcap2~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libcap-devel", rpm:"libcap-devel~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libcap-utils", rpm:"libcap-utils~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pam_cap", rpm:"pam_cap~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pear-Console_ProgressBar", rpm:"php-pear-Console_ProgressBar~0.2~10.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pear-HTTP_Request", rpm:"php-pear-HTTP_Request~1.4.3~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php-pear-Net_URL", rpm:"php-pear-Net_URL~1.0.15~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libcap", rpm:"libcap~2.10~1.1mdvmes2009.0", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64cap2", rpm:"lib64cap2~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64cap-devel", rpm:"lib64cap-devel~2.10~1.1mdvmes5", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:830947", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)", "description": "Check for the Version of mmc-wizard", "published": "2010-03-12T00:00:00", "modified": "2017-12-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830947", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010:096-1", "http://lists.mandriva.com/security-announce/2010-03/msg00019.php"], "cvelist": ["CVE-2009-3608", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0166", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-0146", "CVE-2009-1284"], "lastseen": "2017-12-21T11:32:39", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-12-21T11:32:39", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:861970", "OPENVAS:831037", "OPENVAS:830925", "OPENVAS:830923", "OPENVAS:1361412562310830947", "OPENVAS:1361412562310861970", "OPENVAS:1361412562310830923", "OPENVAS:1361412562310830925", "OPENVAS:1361412562310831037", "OPENVAS:1361412562310840430"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0400.NASL", "SUSE_11_2_TEXLIVE-100504.NASL", "SUSE_11_TEXLIVE-100504.NASL", "GENTOO_GLSA-201206-28.NASL", "UBUNTU_USN-937-1.NASL", "SUSE_TE_AMS-7020.NASL", "SUSE_11_0_TEXLIVE-100503.NASL", "SUSE_11_1_TEXLIVE-100503.NASL", "MANDRIVA_MDVSA-2010-094.NASL", "SL_20100506_TETEX_ON_SL5_X.NASL"]}, {"type": "fedora", "idList": ["FEDORA:280C5110805", "FEDORA:A440F1114E9", "FEDORA:DB73D110819"]}, {"type": "cve", "idList": ["CVE-2009-0146", "CVE-2010-1440", "CVE-2010-0739", "CVE-2009-0147", "CVE-2010-0829", "CVE-2009-0195", "CVE-2009-3608", "CVE-2009-1284", "CVE-2009-0166", "CVE-2010-0827"]}, {"type": "ubuntu", "idList": ["USN-973-1", "USN-937-1"]}, {"type": "gentoo", "idList": ["GLSA-201206-28", "GLSA-200904-20"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9855", "SECURITYVULNS:DOC:23813", "SECURITYVULNS:VULN:10824", "SECURITYVULNS:DOC:21696"]}, {"type": "centos", "idList": ["CESA-2010:0401", "CESA-2010:0400", "CESA-2010:0399"]}, {"type": "redhat", "idList": ["RHSA-2010:0399", "RHSA-2010:0400", "RHSA-2010:0401"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0400", "ELSA-2010-0399"]}, {"type": "slackware", "idList": ["SSA-2009-116-01"]}, {"type": "freebsd", "idList": ["736E55BC-39BB-11DE-A493-001B77D09812"]}], "modified": "2017-12-21T11:32:39", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "830947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Revert third party integration for now as some issues were discovered.\n\n Update:\n \n The mmc-wizard-1.0-13.10mdvmes5 update packages brought new\n unresolved dependencies which prevented it from installing using\n MandrivaUpdate. This advisory resolves this problem by providing the\n missing packages.\";\n\ntag_affected = \"mmc-wizard on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00019.php\");\n script_id(830947);\n script_version(\"$Revision: 8205 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:096-1\");\n script_name(\"Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc-wizard\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libcap2\", rpm:\"libcap2~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-devel\", rpm:\"libcap-devel~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-utils\", rpm:\"libcap-utils~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_cap\", rpm:\"pam_cap~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Console_ProgressBar\", rpm:\"php-pear-Console_ProgressBar~0.2~10.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request\", rpm:\"php-pear-HTTP_Request~1.4.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_URL\", rpm:\"php-pear-Net_URL~1.0.15~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap\", rpm:\"libcap~2.10~1.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap2\", rpm:\"lib64cap2~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap-devel\", rpm:\"lib64cap-devel~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"openvas": [{"lastseen": "2018-01-19T15:04:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0166", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-0146", "CVE-2009-1284"], "description": "Check for the Version of mmc-wizard", "modified": "2018-01-19T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:1361412562310830947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830947", "type": "openvas", "title": "Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Revert third party integration for now as some issues were discovered.\n\n Update:\n \n The mmc-wizard-1.0-13.10mdvmes5 update packages brought new\n unresolved dependencies which prevented it from installing using\n MandrivaUpdate. This advisory resolves this problem by providing the\n missing packages.\";\n\ntag_affected = \"mmc-wizard on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830947\");\n script_version(\"$Revision: 8469 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:096-1\");\n script_name(\"Mandriva Update for mmc-wizard MDVA-2010:096-1 (mmc-wizard)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc-wizard\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libcap2\", rpm:\"libcap2~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-devel\", rpm:\"libcap-devel~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap-utils\", rpm:\"libcap-utils~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_cap\", rpm:\"pam_cap~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Console_ProgressBar\", rpm:\"php-pear-Console_ProgressBar~0.2~10.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-HTTP_Request\", rpm:\"php-pear-HTTP_Request~1.4.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear-Net_URL\", rpm:\"php-pear-Net_URL~1.0.15~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcap\", rpm:\"libcap~2.10~1.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap2\", rpm:\"lib64cap2~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cap-devel\", rpm:\"lib64cap-devel~2.10~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0166", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-0146", "CVE-2009-1284"], "description": "Check for the Version of mmc-wizard", "modified": "2017-12-18T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:830925", "href": "http://plugins.openvas.org/nasl.php?oid=830925", "type": "openvas", "title": "Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mmc-wizard on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Revert third party integration for now as some issues were discovered.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00014.php\");\n script_id(830925);\n script_version(\"$Revision: 8153 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:096\");\n script_name(\"Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc-wizard\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mmc-wizard\", rpm:\"mmc-wizard~1.0~13.10mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:53:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0166", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-0146", "CVE-2009-1284"], "description": "Check for the Version of mmc-wizard", "modified": "2018-01-08T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:1361412562310830925", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830925", "type": "openvas", "title": "Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mmc-wizard on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Revert third party integration for now as some issues were discovered.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00014.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830925\");\n script_version(\"$Revision: 8314 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:096\");\n script_name(\"Mandriva Update for mmc-wizard MDVA-2010:096 (mmc-wizard)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mmc-wizard\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mmc-wizard\", rpm:\"mmc-wizard~1.0~13.10mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of tetex", "modified": "2017-12-25T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:831037", "href": "http://plugins.openvas.org/nasl.php?oid=831037", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2010:094 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2010:094 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and fixed in tetex:\n\n Buffer overflow in BibTeX 0.99 allows context-dependent attackers to\n cause a denial of service (memory corruption and crash) via a long\n .bib bibliography file (CVE-2009-1284).\n \n Integer overflow in the ObjectStream::ObjectStream function in XRef.cc\n in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\n GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\n attackers to execute arbitrary code via a crafted PDF document that\n triggers a heap-based buffer overflow (CVE-2009-3608).\n \n Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted virtual font\n (VF) file associated with a DVI file (CVE-2010-0827).\n \n Multiple array index errors in set.c in dvipng 1.11 and 1.12, and\n teTeX, allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a malformed DVI file\n (CVE-2010-0829).\n \n Integer overflow in the predospecial function in dospecial.c in\n dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote\n attackers to execute arbitrary code via a crafted DVI file that\n triggers a heap-based buffer overflow. NOTE: some of these details\n are obtained from third party information (CVE-2010-0739).\n \n Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n 2009 and earlier, and teTeX, allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code via\n a special command in a DVI file, related to the (1) predospecial and\n (2) bbdospecial functions, a different vulnerability than CVE-2010-0739\n (CVE-2010-1440).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The corrected packages solves these problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00013.php\");\n script_id(831037);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:094\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_name(\"Mandriva Update for tetex MDVSA-2010:094 (tetex)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~136.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~84.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~146.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~94.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:33:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of nufw", "modified": "2017-12-20T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:830923", "href": "http://plugins.openvas.org/nasl.php?oid=830923", "type": "openvas", "title": "Mandriva Update for nufw MDVA-2010:094 (nufw)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nufw MDVA-2010:094 (nufw)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nufw on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update provides the latest version of nufw software suite,\n with many bugfixes and usage improvements.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00012.php\");\n script_id(830923);\n script_version(\"$Revision: 8186 $\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:094\");\n script_name(\"Mandriva Update for nufw MDVA-2010:094 (nufw)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nufw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnuclient1\", rpm:\"libnuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnufw-devel\", rpm:\"libnufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nuface\", rpm:\"nuface~2.0.16~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth\", rpm:\"nufw-nuauth~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-ldap\", rpm:\"nufw-nuauth-auth-ldap~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-mysql\", rpm:\"nufw-nuauth-auth-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-mysql\", rpm:\"nufw-nuauth-log-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-pgsql\", rpm:\"nufw-nuauth-log-pgsql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-prelude\", rpm:\"nufw-nuauth-log-prelude~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nutcpc\", rpm:\"nufw-nutcpc~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-utils\", rpm:\"nufw-utils~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nulog\", rpm:\"nulog~2.1.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_nufw\", rpm:\"pam_nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-nufw\", rpm:\"python-nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nuclient1\", rpm:\"lib64nuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nufw-devel\", rpm:\"lib64nufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:05:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of nufw", "modified": "2018-01-17T00:00:00", "published": "2010-03-12T00:00:00", "id": "OPENVAS:1361412562310830923", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830923", "type": "openvas", "title": "Mandriva Update for nufw MDVA-2010:094 (nufw)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nufw MDVA-2010:094 (nufw)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nufw on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"This update provides the latest version of nufw software suite,\n with many bugfixes and usage improvements.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830923\");\n script_version(\"$Revision: 8447 $\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\",\n \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:094\");\n script_name(\"Mandriva Update for nufw MDVA-2010:094 (nufw)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nufw\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnuclient1\", rpm:\"libnuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnufw-devel\", rpm:\"libnufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nuface\", rpm:\"nuface~2.0.16~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth\", rpm:\"nufw-nuauth~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-ldap\", rpm:\"nufw-nuauth-auth-ldap~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-auth-mysql\", rpm:\"nufw-nuauth-auth-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-mysql\", rpm:\"nufw-nuauth-log-mysql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-pgsql\", rpm:\"nufw-nuauth-log-pgsql~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nuauth-log-prelude\", rpm:\"nufw-nuauth-log-prelude~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-nutcpc\", rpm:\"nufw-nutcpc~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw-utils\", rpm:\"nufw-utils~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nulog\", rpm:\"nulog~2.1.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pam_nufw\", rpm:\"pam_nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-nufw\", rpm:\"python-nufw~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nufw\", rpm:\"nufw~2.4.0~0.1mdvmes2009.0\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nuclient1\", rpm:\"lib64nuclient1~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nufw-devel\", rpm:\"lib64nufw-devel~2.4.0~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:54:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of tetex", "modified": "2018-01-24T00:00:00", "published": "2010-05-17T00:00:00", "id": "OPENVAS:1361412562310831037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831037", "type": "openvas", "title": "Mandriva Update for tetex MDVSA-2010:094 (tetex)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tetex MDVSA-2010:094 (tetex)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and fixed in tetex:\n\n Buffer overflow in BibTeX 0.99 allows context-dependent attackers to\n cause a denial of service (memory corruption and crash) via a long\n .bib bibliography file (CVE-2009-1284).\n \n Integer overflow in the ObjectStream::ObjectStream function in XRef.cc\n in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\n GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\n attackers to execute arbitrary code via a crafted PDF document that\n triggers a heap-based buffer overflow (CVE-2009-3608).\n \n Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted virtual font\n (VF) file associated with a DVI file (CVE-2010-0827).\n \n Multiple array index errors in set.c in dvipng 1.11 and 1.12, and\n teTeX, allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a malformed DVI file\n (CVE-2010-0829).\n \n Integer overflow in the predospecial function in dospecial.c in\n dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote\n attackers to execute arbitrary code via a crafted DVI file that\n triggers a heap-based buffer overflow. NOTE: some of these details\n are obtained from third party information (CVE-2010-0739).\n \n Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n 2009 and earlier, and teTeX, allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code via\n a special command in a DVI file, related to the (1) predospecial and\n (2) bbdospecial functions, a different vulnerability than CVE-2010-0739\n (CVE-2010-1440).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The corrected packages solves these problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831037\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:094\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2009-3608\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-0739\", \"CVE-2010-1440\");\n script_name(\"Mandriva Update for tetex MDVSA-2010:094 (tetex)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~136.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~38.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~84.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~147.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~49.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~95.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~146.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~48.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~94.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"jadetex\", rpm:\"jadetex~3.12~145.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-context\", rpm:\"tetex-context~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-devel\", rpm:\"tetex-devel~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvilj\", rpm:\"tetex-dvilj~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvipdfm\", rpm:\"tetex-dvipdfm~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-mfwin\", rpm:\"tetex-mfwin~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-texi2html\", rpm:\"tetex-texi2html~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-usrlocal\", rpm:\"tetex-usrlocal~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~47.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xmltex\", rpm:\"xmltex~1.9~93.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of texlive", "modified": "2017-12-19T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:861970", "href": "http://plugins.openvas.org/nasl.php?oid=861970", "type": "openvas", "title": "Fedora Update for texlive FEDORA-2010-8273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html\");\n script_id(861970);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8273\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\", \"CVE-2009-1284\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8273\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~47.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0739", "CVE-2009-1284"], "description": "Check for the Version of texlive", "modified": "2018-01-16T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310861970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861970", "type": "openvas", "title": "Fedora Update for texlive FEDORA-2010-8273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for texlive FEDORA-2010-8273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes\n a text file and a set of formatting commands as input and creates a\n printable file as output. Usually, TeX is used in conjunction with\n a higher level formatting package like LaTeX or PlainTeX, since TeX by\n itself is not very user-friendly.\n\n Install texlive if you want to use the TeX text formatting system. Consider\n to install texlive-latex (a higher level formatting package which provides\n an easier-to-use interface for TeX).\n \n The TeX documentation is located in the texlive-doc package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"texlive on Fedora 11\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861970\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8273\");\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-1440\", \"CVE-2010-0829\", \"CVE-2009-1284\");\n script_name(\"Fedora Update for texlive FEDORA-2010-8273\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of texlive\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"texlive\", rpm:\"texlive~2007~47.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-937-1", "modified": "2017-12-20T00:00:00", "published": "2010-05-07T00:00:00", "id": "OPENVAS:1361412562310840430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840430", "type": "openvas", "title": "Ubuntu Update for texlive-bin vulnerabilities USN-937-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_937_1.nasl 8187 2017-12-20 07:30:09Z teissa $\n#\n# Ubuntu Update for texlive-bin vulnerabilities USN-937-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that TeX Live incorrectly handled certain long .bib\n bibliography files. If a user or automated system were tricked into\n processing a specially crafted bib file, an attacker could cause a denial\n of service via application crash. This issue only affected Ubuntu 8.04 LTS,\n 9.04 and 9.10. (CVE-2009-1284)\n\n Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live\n incorrectly handled certain malformed dvi files. If a user or automated\n system were tricked into processing a specially crafted dvi file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program. (CVE-2010-0739, CVE-2010-1440)\n \n Dan Rosenberg discovered that TeX Live incorrectly handled certain\n malformed dvi files. If a user or automated system were tricked into\n processing a specially crafted dvi file, an attacker could cause a denial\n of service via application crash, or possibly execute arbitrary code with\n the privileges of the user invoking the program. (CVE-2010-0827)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-937-1\";\ntag_affected = \"texlive-bin vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-937-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840430\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"937-1\");\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"Ubuntu Update for texlive-bin vulnerabilities USN-937-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-7ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.2-4ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea-dev\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkpathsea4\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-base-bin\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-extra-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-font-utils\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-lang-indic\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost-doc\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-metapost\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-music\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-omega\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"texlive-xetex\", ver:\"2007.dfsg.1-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:52:40", "description": "Multiple vulnerabilities has been discovered and fixed in tetex :\n\nBuffer overflow in BibTeX 0.99 allows context-dependent attackers to\ncause a denial of service (memory corruption and crash) via a long\n.bib bibliography file (CVE-2009-1284).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX,\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted virtual font\n(VF) file associated with a DVI file (CVE-2010-0827).\n\nMultiple array index errors in set.c in dvipng 1.11 and 1.12, and\nteTeX, allow remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a malformed\nDVI file (CVE-2010-0829).\n\nInteger overflow in the predospecial function in dospecial.c in dvips\nin (1) TeX Live and (2) teTeX might allow user-assisted remote\nattackers to execute arbitrary code via a crafted DVI file that\ntriggers a heap-based buffer overflow. NOTE: some of these details are\nobtained from third-party information (CVE-2010-0739).\n\nMultiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n2009 and earlier, and teTeX, allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na special command in a DVI file, related to the (1) predospecial and\n(2) bbdospecial functions, a different vulnerability than\nCVE-2010-0739 (CVE-2010-1440).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe corrected packages solves these problems.", "edition": 26, "published": "2010-05-13T00:00:00", "title": "Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "modified": "2010-05-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tetex-dvips", "p-cpe:/a:mandriva:linux:jadetex", "p-cpe:/a:mandriva:linux:tetex-afm", "p-cpe:/a:mandriva:linux:xmltex", "p-cpe:/a:mandriva:linux:tetex", "p-cpe:/a:mandriva:linux:tetex-usrlocal", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:tetex-context", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:tetex-texi2html", "p-cpe:/a:mandriva:linux:tetex-xdvi", "p-cpe:/a:mandriva:linux:tetex-mfwin", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:tetex-devel", "p-cpe:/a:mandriva:linux:tetex-dvilj", "p-cpe:/a:mandriva:linux:tetex-dvipdfm", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:tetex-doc", "p-cpe:/a:mandriva:linux:tetex-latex"], "id": "MANDRIVA_MDVSA-2010-094.NASL", "href": "https://www.tenable.com/plugins/nessus/46330", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:094. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46330);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-1284\",\n \"CVE-2009-3608\",\n \"CVE-2010-0739\",\n \"CVE-2010-0827\",\n \"CVE-2010-0829\",\n \"CVE-2010-1440\"\n );\n script_bugtraq_id(\n 34332,\n 36703,\n 39500,\n 39966,\n 39969\n );\n script_xref(name:\"MDVSA\", value:\"2010:094\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and fixed in tetex :\n\nBuffer overflow in BibTeX 0.99 allows context-dependent attackers to\ncause a denial of service (memory corruption and crash) via a long\n.bib bibliography file (CVE-2009-1284).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX,\nallows remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted virtual font\n(VF) file associated with a DVI file (CVE-2010-0827).\n\nMultiple array index errors in set.c in dvipng 1.11 and 1.12, and\nteTeX, allow remote attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via a malformed\nDVI file (CVE-2010-0829).\n\nInteger overflow in the predospecial function in dospecial.c in dvips\nin (1) TeX Live and (2) teTeX might allow user-assisted remote\nattackers to execute arbitrary code via a crafted DVI file that\ntriggers a heap-based buffer overflow. NOTE: some of these details are\nobtained from third-party information (CVE-2010-0739).\n\nMultiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live\n2009 and earlier, and teTeX, allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na special command in a DVI file, related to the (1) predospecial and\n(2) bbdospecial functions, a different vulnerability than\nCVE-2010-0739 (CVE-2010-1440).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe corrected packages solves these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvipdfm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-mfwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-texi2html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-usrlocal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"jadetex-3.12-136.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-afm-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-context-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-devel-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-doc-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvilj-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvipdfm-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-dvips-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-latex-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-mfwin-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-texi2html-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-usrlocal-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tetex-xdvi-3.0-38.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xmltex-1.9-84.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"jadetex-3.12-145.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-afm-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-context-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-devel-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-doc-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvilj-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvipdfm-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-dvips-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-latex-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-mfwin-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-texi2html-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-usrlocal-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tetex-xdvi-3.0-47.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xmltex-1.9-93.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"jadetex-3.12-146.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-afm-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-context-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-devel-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-doc-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvilj-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvipdfm-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-dvips-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-latex-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-mfwin-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-texi2html-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-usrlocal-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tetex-xdvi-3.0-48.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"xmltex-1.9-94.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"jadetex-3.12-147.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-afm-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-context-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-devel-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-doc-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvilj-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvipdfm-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-dvips-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-latex-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-mfwin-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-texi2html-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-usrlocal-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tetex-xdvi-3.0-49.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"xmltex-1.9-95.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:54:22", "description": "The remote host is affected by the vulnerability described in GLSA-201206-28\n(TeX Live: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in texlive-core. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities might allow user-assisted remote attackers to\n execute arbitrary code via a specially crafted DVI file, or cause a\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-26T00:00:00", "title": "GLSA-201206-28 : TeX Live: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:texlive-core", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-28.NASL", "href": "https://www.tenable.com/plugins/nessus/59701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-28.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59701);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_bugtraq_id(34332, 39500, 39966, 39971);\n script_xref(name:\"GLSA\", value:\"201206-28\");\n\n script_name(english:\"GLSA-201206-28 : TeX Live: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-28\n(TeX Live: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in texlive-core. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities might allow user-assisted remote attackers to\n execute arbitrary code via a specially crafted DVI file, or cause a\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All texlive-core users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/texlive-core-2009-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:texlive-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/texlive-core\", unaffected:make_list(\"ge 2009-r2\"), vulnerable:make_list(\"lt 2009-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"TeX Live\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:57:30", "description": "It was discovered that TeX Live incorrectly handled certain long .bib\nbibliography files. If a user or automated system were tricked into\nprocessing a specially crafted bib file, an attacker could cause a\ndenial of service via application crash. This issue only affected\nUbuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284)\n\nMarc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX\nLive incorrectly handled certain malformed dvi files. If a user or\nautomated system were tricked into processing a specially crafted dvi\nfile, an attacker could cause a denial of service via application\ncrash, or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2010-0739, CVE-2010-1440)\n\nDan Rosenberg discovered that TeX Live incorrectly handled certain\nmalformed dvi files. If a user or automated system were tricked into\nprocessing a specially crafted dvi file, an attacker could cause a\ndenial of service via application crash, or possibly execute arbitrary\ncode with the privileges of the user invoking the program.\n(CVE-2010-0827).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-05-07T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : texlive-bin vulnerabilities (USN-937-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:texlive-omega", "p-cpe:/a:canonical:ubuntu_linux:texlive-music", "p-cpe:/a:canonical:ubuntu_linux:texlive-xetex", "p-cpe:/a:canonical:ubuntu_linux:texlive-extra-utils", "p-cpe:/a:canonical:ubuntu_linux:texlive-base-bin", "p-cpe:/a:canonical:ubuntu_linux:libkpathsea-dev", "p-cpe:/a:canonical:ubuntu_linux:texlive-font-utils", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libkpathsea5", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:texlive-binaries", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:texlive-metapost-doc", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:texlive-metapost", "p-cpe:/a:canonical:ubuntu_linux:texlive-base-bin-doc", "p-cpe:/a:canonical:ubuntu_linux:texlive-lang-indic", "p-cpe:/a:canonical:ubuntu_linux:libkpathsea4"], "id": "UBUNTU_USN-937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/46254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-937-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46254);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-1284\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_bugtraq_id(34332, 39500);\n script_xref(name:\"USN\", value:\"937-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : texlive-bin vulnerabilities (USN-937-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that TeX Live incorrectly handled certain long .bib\nbibliography files. If a user or automated system were tricked into\nprocessing a specially crafted bib file, an attacker could cause a\ndenial of service via application crash. This issue only affected\nUbuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284)\n\nMarc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX\nLive incorrectly handled certain malformed dvi files. If a user or\nautomated system were tricked into processing a specially crafted dvi\nfile, an attacker could cause a denial of service via application\ncrash, or possibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2010-0739, CVE-2010-1440)\n\nDan Rosenberg discovered that TeX Live incorrectly handled certain\nmalformed dvi files. If a user or automated system were tricked into\nprocessing a specially crafted dvi file, an attacker could cause a\ndenial of service via application crash, or possibly execute arbitrary\ncode with the privileges of the user invoking the program.\n(CVE-2010-0827).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/937-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkpathsea-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkpathsea4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkpathsea5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-base-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-base-bin-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-binaries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-extra-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-font-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-lang-indic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-metapost-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-music\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkpathsea-dev\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libkpathsea4\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-base-bin\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-base-bin-doc\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-extra-utils\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-font-utils\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-lang-indic\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-metapost\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-metapost-doc\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-music\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-omega\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"texlive-xetex\", pkgver:\"2007.dfsg.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkpathsea-dev\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libkpathsea4\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-base-bin\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-base-bin-doc\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-extra-utils\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-font-utils\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-lang-indic\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-metapost\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-metapost-doc\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-music\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-omega\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"texlive-xetex\", pkgver:\"2007.dfsg.2-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkpathsea-dev\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libkpathsea4\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-base-bin\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-base-bin-doc\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-extra-utils\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-font-utils\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-lang-indic\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-metapost\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-metapost-doc\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-music\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-omega\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"texlive-xetex\", pkgver:\"2007.dfsg.2-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkpathsea-dev\", pkgver:\"2009-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libkpathsea5\", pkgver:\"2009-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"texlive-binaries\", pkgver:\"2009-5ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libkpathsea-dev / libkpathsea4 / libkpathsea5 / texlive-base-bin / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:03:45", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_0_TEXLIVE-100503.NASL", "href": "https://www.tenable.com/plugins/nessus/46340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46340);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-arab-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-bin-2007-176.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-cjk-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-context-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-devel-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-dvilj-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-jadetex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-latex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-metapost-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-musictex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-nfs-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-omega-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-ppower4-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-tex4ht-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-tools-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-xetex-2007-177.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"texlive-xmltex-2007-177.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:05:09", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_1_TEXLIVE-100503.NASL", "href": "https://www.tenable.com/plugins/nessus/46342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46342);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-arab-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-bin-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-cjk-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-context-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-devel-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-dvilj-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-jadetex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-latex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-metapost-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-musictex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-nfs-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-omega-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-ppower4-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-tex4ht-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-tools-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-xetex-2007-219.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"texlive-xmltex-2007-219.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:06:41", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).", "edition": 24, "published": "2010-05-15T00:00:00", "title": "openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-05-15T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:texlive-dvilj", "p-cpe:/a:novell:opensuse:texlive-tex4ht", "p-cpe:/a:novell:opensuse:texlive-cjk", "p-cpe:/a:novell:opensuse:texlive-metapost", "p-cpe:/a:novell:opensuse:texlive", "p-cpe:/a:novell:opensuse:texlive-xetex", "p-cpe:/a:novell:opensuse:texlive-omega", "p-cpe:/a:novell:opensuse:texlive-xmltex", "p-cpe:/a:novell:opensuse:texlive-latex", "p-cpe:/a:novell:opensuse:texlive-ppower4", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:texlive-arab", "p-cpe:/a:novell:opensuse:texlive-nfs", "p-cpe:/a:novell:opensuse:texlive-bin", "p-cpe:/a:novell:opensuse:texlive-tools", "p-cpe:/a:novell:opensuse:texlive-musictex", "p-cpe:/a:novell:opensuse:texlive-devel", "p-cpe:/a:novell:opensuse:texlive-jadetex", "p-cpe:/a:novell:opensuse:texlive-context"], "id": "SUSE_11_2_TEXLIVE-100504.NASL", "href": "https://www.tenable.com/plugins/nessus/46344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update texlive-2392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46344);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"openSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)\");\n script_summary(english:\"Check for the texlive-2392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-05/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected texlive packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-arab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-context\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-dvilj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-metapost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-musictex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-nfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-ppower4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tex4ht\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:texlive-xmltex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-arab-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-bin-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-cjk-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-context-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-devel-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-dvilj-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-jadetex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-latex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-metapost-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-musictex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-nfs-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-omega-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-ppower4-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-tex4ht-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-tools-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-xetex-2008-13.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"texlive-xmltex-2008-13.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"texlive / texlive-arab / texlive-bin / texlive-cjk / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:47:12", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.", "edition": 23, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : TeX (ZYPP Patch Number 7020)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TE_AMS-7020.NASL", "href": "https://www.tenable.com/plugins/nessus/51761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51761);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"SuSE 10 Security Update : TeX (ZYPP Patch Number 7020)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7020.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_ams-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_cont-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_dvilj-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_eplai-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_kpath-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_latex-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_mpost-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_omega-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_ptex-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"te_web-3.0-37.13.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"tetex-3.0-37.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:13:55", "description": "Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : TeX (SAT Patch Number 2393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:texlive-latex", "p-cpe:/a:novell:suse_linux:11:texlive-jadetex", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:texlive-tools", "p-cpe:/a:novell:suse_linux:11:texlive", "p-cpe:/a:novell:suse_linux:11:texlive-cjk"], "id": "SUSE_11_TEXLIVE-100504.NASL", "href": "https://www.tenable.com/plugins/nessus/50963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50963);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"SuSE 11 Security Update : TeX (SAT Patch Number 2393)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted dvi files could cause buffer overflows in dvips and\ndvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 /\nCVE-2010-1440). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=587794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0739.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0827.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2393.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-cjk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-jadetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:texlive-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-cjk-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-jadetex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-latex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"texlive-tools-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-cjk-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-jadetex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-latex-2007-219.32.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"texlive-tools-2007-219.32.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:48", "description": "Multiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An\nattacker could create a malicious DVI file that would cause the dvips\nexecutable to crash or, potentially, execute arbitrary code.\n(CVE-2010-0739, CVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI\nfiles into the Portable Network Graphics (PNG) format. An attacker\ncould create a malicious DVI file that would cause the dvipng\nexecutable to crash. (CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format\n(PDF) file viewer, to allow adding images in PDF format to the\ngenerated PDF documents. The following issues affect Xpdf code :\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially\ncrafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\npdflatex. (CVE-2009-0791, CVE-2009-3608, CVE-2009-3609) - Hide quoted\ntext -\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. If a local user generated a PDF file\nfrom a TeX document, referencing a specially crafted PDF file, it\nwould cause Xpdf to crash or, potentially, execute arbitrary code with\nthe privileges of the user running pdflatex. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash.\n(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : tetex on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100506_TETEX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60791);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n\n script_name(english:\"Scientific Linux Security Update : tetex on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An\nattacker could create a malicious DVI file that would cause the dvips\nexecutable to crash or, potentially, execute arbitrary code.\n(CVE-2010-0739, CVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI\nfiles into the Portable Network Graphics (PNG) format. An attacker\ncould create a malicious DVI file that would cause the dvipng\nexecutable to crash. (CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format\n(PDF) file viewer, to allow adding images in PDF format to the\ngenerated PDF documents. The following issues affect Xpdf code :\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially\ncrafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\npdflatex. (CVE-2009-0791, CVE-2009-3608, CVE-2009-3609) - Hide quoted\ntext -\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. If a local user generated a PDF file\nfrom a TeX document, referencing a specially crafted PDF file, it\nwould cause Xpdf to crash or, potentially, execute arbitrary code with\nthe privileges of the user running pdflatex. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash.\n(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1005&L=scientific-linux-errata&T=0&P=711\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca430de8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tetex-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-afm-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-doc-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-dvips-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-fonts-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-latex-3.0-33.8.el5_5.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tetex-xdvi-3.0-33.8.el5_5.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:45", "description": "Updated tetex packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent\nDeVice Independent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An\nattacker could create a malicious DVI file that would cause the dvips\nexecutable to crash or, potentially, execute arbitrary code.\n(CVE-2010-0739, CVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI\nfiles into the Portable Network Graphics (PNG) format. An attacker\ncould create a malicious DVI file that would cause the dvipng\nexecutable to crash. (CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format\n(PDF) file viewer, to allow adding images in PDF format to the\ngenerated PDF documents. The following issues affect Xpdf code :\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially\ncrafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\npdflatex. (CVE-2009-0791, CVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. If a local user generated a PDF file\nfrom a TeX document, referencing a specially crafted PDF file, it\nwould cause Xpdf to crash or, potentially, execute arbitrary code with\nthe privileges of the user running pdflatex. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash.\n(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple\nProduct Security team, Will Dormann of the CERT/CC, Alin Rad Pop of\nSecunia Research, and Chris Rohlf, for responsibly reporting the Xpdf\nflaws.\n\nAll users of tetex are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 27, "published": "2010-05-11T00:00:00", "title": "RHEL 5 : tetex (RHSA-2010:0400)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2010-05-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tetex-afm", "p-cpe:/a:redhat:enterprise_linux:tetex-doc", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tetex-fonts", "p-cpe:/a:redhat:enterprise_linux:tetex", "p-cpe:/a:redhat:enterprise_linux:tetex-xdvi", "p-cpe:/a:redhat:enterprise_linux:tetex-latex", "p-cpe:/a:redhat:enterprise_linux:tetex-dvips"], "id": "REDHAT-RHSA-2010-0400.NASL", "href": "https://www.tenable.com/plugins/nessus/46309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0400. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46309);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_bugtraq_id(34568, 34791, 35195, 36703, 39500, 39966, 39969);\n script_xref(name:\"RHSA\", value:\"2010:0400\");\n\n script_name(english:\"RHEL 5 : tetex (RHSA-2010:0400)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tetex packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent\nDeVice Independent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An\nattacker could create a malicious DVI file that would cause the dvips\nexecutable to crash or, potentially, execute arbitrary code.\n(CVE-2010-0739, CVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI\nfiles into the Portable Network Graphics (PNG) format. An attacker\ncould create a malicious DVI file that would cause the dvipng\nexecutable to crash. (CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format\n(PDF) file viewer, to allow adding images in PDF format to the\ngenerated PDF documents. The following issues affect Xpdf code :\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially\ncrafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\npdflatex. (CVE-2009-0791, CVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. If a local user generated a PDF file\nfrom a TeX document, referencing a specially crafted PDF file, it\nwould cause Xpdf to crash or, potentially, execute arbitrary code with\nthe privileges of the user running pdflatex. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If\na local user generated a PDF file from a TeX document, referencing a\nspecially crafted PDF file, it would cause Xpdf to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning pdflatex. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nIf a local user generated a PDF file from a TeX document, referencing\na specially crafted PDF file, it would cause Xpdf to crash.\n(CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple\nProduct Security team, Will Dormann of the CERT/CC, Alin Rad Pop of\nSecunia Research, and Chris Rohlf, for responsibly reporting the Xpdf\nflaws.\n\nAll users of tetex are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0400\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-afm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-dvips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-latex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0400\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-afm-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-afm-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-afm-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-doc-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-doc-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-doc-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-dvips-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-dvips-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-dvips-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-fonts-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-fonts-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-fonts-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-latex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-latex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-latex-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tetex-xdvi-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tetex-xdvi-3.0-33.8.el5_5.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tetex-xdvi-3.0-33.8.el5_5.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tetex / tetex-afm / tetex-doc / tetex-dvips / tetex-fonts / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1284", "CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:51:53", "published": "2010-05-18T21:51:53", "id": "FEDORA:DB73D110819", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: texlive-2007-47.fc11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:44:16", "published": "2010-05-18T21:44:16", "id": "FEDORA:A440F1114E9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: texlive-2007-51.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a printable file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install texlive if you want to use the TeX text formatting system. Consider to install texlive-latex (a higher level formatting package which provides an easier-to-use interface for TeX). The TeX documentation is located in the texlive-doc package. ", "modified": "2010-05-18T21:49:45", "published": "2010-05-18T21:49:45", "id": "FEDORA:280C5110805", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: texlive-2007-48.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:30:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "It was discovered that TeX Live incorrectly handled certain long .bib \nbibliography files. If a user or automated system were tricked into \nprocessing a specially crafted bib file, an attacker could cause a denial \nof service via application crash. This issue only affected Ubuntu 8.04 LTS, \n9.04 and 9.10. (CVE-2009-1284)\n\nMarc Schoenefeld, Karel \u0160rot and Ludwig Nussel discovered that TeX Live \nincorrectly handled certain malformed dvi files. If a user or automated \nsystem were tricked into processing a specially crafted dvi file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram. (CVE-2010-0739, CVE-2010-1440)\n\nDan Rosenberg discovered that TeX Live incorrectly handled certain \nmalformed dvi files. If a user or automated system were tricked into \nprocessing a specially crafted dvi file, an attacker could cause a denial \nof service via application crash, or possibly execute arbitrary code with \nthe privileges of the user invoking the program. (CVE-2010-0827)", "edition": 68, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "USN-937-1", "href": "https://ubuntu.com/security/notices/USN-937-1", "title": "TeX Live vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:28:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "description": "Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the \nXpdf used in KOffice contained multiple security issues in its JBIG2 \ndecoder. If a user or automated system were tricked into opening a crafted \nPDF file, an attacker could cause a denial of service or execute arbitrary \ncode with privileges of the user invoking the program. (CVE-2009-0146, \nCVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, \nCVE-2009-1180, CVE-2009-1181)\n\nIt was discovered that the Xpdf used in KOffice contained multiple security \nissues when parsing malformed PDF documents. If a user or automated system \nwere tricked into opening a crafted PDF file, an attacker could cause a \ndenial of service or execute arbitrary code with privileges of the user \ninvoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nKOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into \nKWord. Upstream KDE no longer supports PDF import in KOffice and as a \nresult it was dropped in Ubuntu 9.10. While an attempt was made to fix the \nabove issues, the maintenance burden for supporting this very old version \nof Xpdf outweighed its utility, and PDF import is now also disabled in \nUbuntu 9.04.", "edition": 5, "modified": "2010-08-17T00:00:00", "published": "2010-08-17T00:00:00", "id": "USN-973-1", "href": "https://ubuntu.com/security/notices/USN-973-1", "title": "KOffice vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "edition": 1, "description": "### Background\n\nTeX Live is a complete TeX distribution.\n\n### Description\n\nMultiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a specially-crafted DVI file, or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll texlive-core users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/texlive-core-2009-r2\"", "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "GLSA-201206-28", "href": "https://security.gentoo.org/glsa/201206-28", "type": "gentoo", "title": "TeX Live: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "edition": 1, "description": "### Background\n\nCUPS, the Common Unix Printing System, is a full-featured print server. \n\n### Description\n\nThe following issues were reported in CUPS: \n\n * iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the \"imagetops\" filter, leading to a heap-based buffer overflow (CVE-2009-0163).\n * Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the \"Host\" HTTP header properly (CVE-2009-0164).\n * Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.\n\n### Impact\n\nA remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is \"lp\", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll CUPS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-print/cups-1.3.10\"", "modified": "2009-04-23T00:00:00", "published": "2009-04-23T00:00:00", "id": "GLSA-200904-20", "href": "https://security.gentoo.org/glsa/200904-20", "type": "gentoo", "title": "CUPS: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739", "CVE-2009-1284"], "description": "===========================================================\r\nUbuntu Security Notice USN-937-1 May 06, 2010\r\ntexlive-bin vulnerabilities\r\nCVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n texlive-base-bin 2007.dfsg.1-2ubuntu0.1\r\n\r\nUbuntu 9.04:\r\n texlive-base-bin 2007.dfsg.2-4ubuntu2.1\r\n\r\nUbuntu 9.10:\r\n texlive-base-bin 2007.dfsg.2-7ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n texlive-binaries 2009-5ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that TeX Live incorrectly handled certain long .bib\r\nbibliography files. If a user or automated system were tricked into\r\nprocessing a specially crafted bib file, an attacker could cause a denial\r\nof service via application crash. This issue only affected Ubuntu 8.04 LTS,\r\n9.04 and 9.10. (CVE-2009-1284)\r\n\r\nMarc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX Live\r\nincorrectly handled certain malformed dvi files. If a user or automated\r\nsystem were tricked into processing a specially crafted dvi file, an\r\nattacker could cause a denial of service via application crash, or possibly\r\nexecute arbitrary code with the privileges of the user invoking the\r\nprogram. (CVE-2010-0739, CVE-2010-1440)\r\n\r\nDan Rosenberg discovered that TeX Live incorrectly handled certain\r\nmalformed dvi files. If a user or automated system were tricked into\r\nprocessing a specially crafted dvi file, an attacker could cause a denial\r\nof service via application crash, or possibly execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2010-0827)\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.diff.gz\r\n Size/MD5: 232440 57916604c614689a01685a191e88258e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.dsc\r\n Size/MD5: 1324 c99680c940f5ce0a8a637f923958b5e0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1.orig.tar.gz\r\n Size/MD5: 70262321 8c96d9dee6574a23f35982a60f75a8e9\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 157496 3a443c0f131af32761ef10a328aa33b5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 114660 d512aa89320da7e075ff88696521d8d5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 8602760 e04ed21100816cb8ce4dc3848cfbb38b\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 2647322 b39c2559fa087fd60a44b44a08230d4e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 649320 3eaf463fcfd40368859f012bdae17008\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 996998 c51066459d553d1eaf1e9007e9d2ccda\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6703196 92632c178473fa99243dece1a5d74666\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6792992 911838b2a3c6f0b218902f1ff39a50c1\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 598294 4cff95b67706ac3a232886d501dd2eec\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 1715496 fac485d66754efb7e748d7f53a790995\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 2789356 455b37232463313ad5bbf714b074d086\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 6454074 559ef95a4a1a9ed3f3a9ffcd9a99c94c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 150322 3e37c5adef9280b413ad7b989a61e516\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 112434 ae90b53a790619fa4fc577fb1ed1ce87\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 8602774 23891dd633d999e49e44b08f8039d7d0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 2383998 eb537ea2278c63a775319374f8087f15\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 573342 767840105483b1f79ee7bb48557bd3f5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 961696 47331bf706c24204db28d401a508c568\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6701628 3655d2cae86230bdee8e9aacb6f4d1f5\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6793020 98f36babea9b2acdd5844678964ee425\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 561102 6a114628b024d0c91ac9ed4a87c06e69\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 1715506 4c128393a8a1727cd643147001ca3940\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 2669080 c005c81fecfaf5593ae934b2fbf01b7c\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 6366524 65e43069198910abba054179cc631f30\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 150368 56df65d9c356de18d998943644e7cfca\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 112256 28ba175b7bd8845f80b419dcad183bc2\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 8602762 e1a47383a9a26768c3506e375bd0b7b6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 2414550 54a4860933c6260481a5e1d0f55a1a2f\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 578348 c5ba4294373053e647a454887baec414\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 964394 9b9d8a643ab69f883617555f11eb0efe\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6701594 e08701287186bae099e0e8c217b091cb\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6792974 5e61f08e1b6aee8705f12a06e5effa2d\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 565580 1484ed100b6c35cff8440c023f88be79\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 1715520 1a92d33826216d4ed7dbeeddeff783e2\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 2682388 3f3a0b899f73c2e62203a17ae6c96d34\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_lpia.deb\r\n Size/MD5: 6387538 e55ab6b582618a560dc734d16d0ab578\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 159804 0b558b82f36793540fca99839c8feb0f\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 119658 ef3446c9ece96c8aa44ab93297637a0e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 8602764 a1db480b79a602217ea89be5a93bd370\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 2660712 e8dfdc6959ff7bacb4f845a4a24f6f48\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 698106 36c371a5ff37a5de7cd427ea877a77c8\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 1017276 fdb2a9654a990795c8d3c57368fafe77\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6704498 4709a0f302f5346a3d6ab5c3fbcc2082\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6793068 28ae564353f52010ad92a7338d30ab06\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 604766 5600c51f97b0771d855e77cc700c8ba8\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 1715544 42d9701b7ae5b4b1ae321319d007da87\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 2777364 ce1b6c68fa568cc2f91087fe9f4ed5f5\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 6574064 b62fe7def1df5581d2f4c4c89dc2990b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 155430 5f7a48c2c5c736030c3df948f1d0c362\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 114680 709b660a1e0cbf3ba90a33c6fd4ae9a6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 8602826 678335c487ebdcc9f5d7b4ae6eaa6989\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 2516432 fe8d7e4b51df322ec8b52e8dff6f352a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 619554 3a81871a23af2c8853f224a07413bb47\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 985088 1e6bcd5a9a680c39717f5e9350769d62\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6703370 cc8073eb404d5e90f0189479d601faed\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6793070 4dd9b3a4103cd52b8b429467f90176d9\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 580058 94e31f98e5fbede1ee2880d28eea0c6f\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 1715528 7d97f730d78769c8b217e530020ab723\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 2739914 3c3bc39c03cb142937920cf9b0a1abff\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 6466140 e97ad23b5187f27548a90c9b0e579593\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.diff.gz\r\n Size/MD5: 359647 ce7d11c058bd0b30d450f4281623f580\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.dsc\r\n Size/MD5: 1815 3e997ed5b8f14b354bf9846219f0d0a2\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz\r\n Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 165462 c817fb7834cf85cb859931aca146e3cd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 122884 223add751ec5b893ab499cc1464a4888\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 8610450 a05c656c36efb82967f1f9e351de3329\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 2628888 fea20d04f52deae0eea6fbb08dd9706c\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 683604 32214e7ecfb3668a82c583a3345dbf3a\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 1292308 37c669c3635066d40161fdcc74981619\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6715016 f07f790ed5c6199252590d00c33001d7\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6801110 e76f67e032106485253f72fbfdb27e2d\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 6420210 ef6acde6a45526a5b06c0d3a1d91f552\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 639724 34625c6efff225b6846035c315c00173\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 1723142 8ceff3c7256459df5146e9856bbe4d32\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_amd64.deb\r\n Size/MD5: 2804494 8c3cc43e5a886821314ee15f320bdc92\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 158696 6cbaee28329477e85d325b4214545422\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 120528 8ad1ef6ea506d14da2418c5908dace84\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 8610434 c67cbb7fe9950d2502d9c4869e7e2bec\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 2358188 48b81b354a9b153aa44994e61c8eeef8\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 602656 ab0e3e7585904e847905926de77e916e\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 1257916 bf8b83d35185c652fd408849d00e80dd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6713590 f910e4b330e046046fe617eba15753e0\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6801202 bc4bb99b7f092bf225d9c1d580af11ee\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 6331334 a394cc5265c45034c159c13fd4cfa903\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 601138 ad3b552fdc809748f6f77fbd0eadf721\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 1723202 4c99b2415fc6aa4ff813ffd6b065321a\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_i386.deb\r\n Size/MD5: 2681266 e3643f3fae0aea8735159920b61409b4\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 158538 3394295db6e6b2e624b1b8094285fc81\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 120194 98f7d9213ab74efec2d0b0aca2f89217\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 8610432 2f85c50fe52afd0b08092e3453cf8ad1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 2383522 0bf8158dd496feb21060e61a4219c01c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 607334 0615e2d622882c0b75177b2d48ae8468\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 1258184 e8e43208babe597dc2a30f42a0837efa\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6713338 624151e54f2d71aebf361512c4e08bb0\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6801166 541c05d3830c65911ec941cbe4528fcb\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 6345048 ee44eca565f27dd958cbcf416471a541\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 604260 922572ebe9bd103e55f3cf5366a16b9f\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 1723164 90c80aabe55eebee6a63cad6e18bb5cf\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_lpia.deb\r\n Size/MD5: 2691874 135d72612887efab28fe228cf353d759\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 167846 c2169ce87edd90661f12b1ec7b15b2ae\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 127588 af7826c61138a00cb549fd59a22a0b36\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 8610442 ec732d26794f3cc951c652f9135e8622\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 2638622 6d217ff5c2a102dc7c67f1ede2fd9ea1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 731882 2e9e52f438dca627348af8eb56c24bed\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 1311134 d565efc064aa1434e4e8504073261f9e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6716338 634cd359de98ff217de9d041c2750360\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6801182 cc26651bd2934deec7c414993d9953fe\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 6516376 6223a1c13952a27f16156e69619985c9\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 646888 138369532005cdf4fb8dc77092f2675d\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 1723222 15692ba2f697b346b575318988a3a3eb\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_powerpc.deb\r\n Size/MD5: 2801028 db37ae73b09217bac67aa646e0eddcfc\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 162516 46d6aeeeb7f60c4fa62301ce6014794e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 122296 0c31ba4660bf3370a4b22430e2cd02c1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 8610424 4581c1e196deaba2ce3eb393962c15d4\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 2510782 13ce8627e986faae459e46fddeab4d73\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 655056 598254effdef393fbadc496403c80c74\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 1282340 d2d6536cab4823046ed2897dd7d87e1c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6715418 25246b96532482e88a2721e7c1d3d092\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6801150 9a45197f73432a6d138dbe9d99baac25\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 6423334 74025318f610fc7bdd2a7846bd8dea4b\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 623424 a38c5e791237fb744e395f4e2f25c88e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 1723168 fee6884712e6a17f49eb9cc420188129\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_sparc.deb\r\n Size/MD5: 2761884 af3d208b33668f96d3729a1ceb691407\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.diff.gz\r\n Size/MD5: 370730 9e066108c7e5cf93566bd2ed967d39e2\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.dsc\r\n Size/MD5: 1833 d03412d12872c44154681014b4d11149\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz\r\n Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 166956 7beb18240a1289e778e2ec6143bb9646\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 123954 4f23d93c385f2c7dabb1a17819274c0f\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 8611244 9ca303b561835bff9b44545e153a4254\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 2642970 5d920272d4441a8ddc7c94f1fb4ed9cd\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 688900 22677e66b377c4b7f8bfbccf6c1fd3f4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 1294376 c29b1149f7a1bb9bd98e080bd892b3f1\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6716782 b3467d6c0ad4b4d7ff3a9f89eabfbea4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6802130 66e264a87fa4938d921ff7b4fae86340\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 642528 b0acbc78377c0eea74f3be5777d0b8db\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 1724582 862ca8fdb69668bc1e7ea928935aa8ee\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 2820784 b9f834a83e123795380922e921b10a2d\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_amd64.deb\r\n Size/MD5: 6427404 5a202cd0a74c169d28d7b1aa3148c98e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 159870 18c3b66218a960c3c6b47efab46ac449\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 121558 5611c6ec2670890a4c687fff5d0650ea\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 8611212 99d0d42ac5afd0b274889b9044870f30\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 2367810 9d5c16f1bc7208af4465168dee23fa9f\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 605434 004837c3975cf7c3ca7243f865d95b28\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 1259760 29cdfcd16d5edf0615037b9ee542daaa\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6715130 15b3dcf4c64b9df8b807094b96db5f99\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6802102 16cd6032d7f45e89071bddb4e68f1469\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 604348 a76b3019dc8b62a6aa4bac64af76b798\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 1724588 082d700e3dfabfd766b069d940a36c1a\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 2689608 36a0589de9187ecedb5005da147f27f1\r\n http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_i386.deb\r\n Size/MD5: 6344260 7a0e09629e9b321efb53d26811130c4a\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 160122 5282f8875c9282ad555082a1601dfe69\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 121490 7d134d12cd865f3d7fca3d9c3a1f177a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 8611222 e091d389a556cca704344bb20968421c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 2396624 6a5fd16ae2cbf32be0d486747fb98840\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 613542 76562d6d7e532d389230be20631220fd\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 1261552 ff48bf063ceac134c105bbd8ce71ca57\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6715096 a671997d9a583eea45932eec174a5626\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6802070 3b6e991e99c7adff752c51ec38018818\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 607050 d374ff9bc32b7031044b219fa1a30f37\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 1724564 9cbc738ee795248deda534aa214465df\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 2700382 8443f051013aae76e719578593e71269\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_lpia.deb\r\n Size/MD5: 6364862 d0cd9ce5f585567d24730091ef6d565c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 168978 85932e4da91439d9dacfa15b1ff5682e\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 126782 03f317aa0dbdd25b9b0bb451056d40b6\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 8611240 f5ad329721ccc8e562a7765a3fd09801\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 2629582 1b2fa0a47fe6d9b3c0a6aff57bac390a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 690706 a8d7dc6cd84f1e0f658f5bc5767ff310\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 1298892 8be54cb778f442972df790197e154a9a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6717706 2dff2dd873dddfec3cf1061b52e46462\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6802168 ebea7d5953bea8b58d0923f298e111aa\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 642434 2aadc64b89f37a05565c5b223219e4ea\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 1724614 7d35dd8508af5fe54a3513b959a4274e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 2811298 6cfb8b827a1652833aab098b25947599\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_powerpc.deb\r\n Size/MD5: 6539956 d0ed00a6db36c6489fcd2937b0a3f452\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 164164 67aee948a311c661ee74089a3427199c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 123424 0130484dd9f760ea8c2395824c472c59\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 8611262 0c0658b8cc2817837323a9feb0e36955\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 2538114 ffb48cf196cfd29d53e855cf27432d3c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 661460 98dc295912e1cf3638a21ad909f7d5e1\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 1286810 42e759df9d13a617bebd35087525aeef\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6717180 42303b589783218058fa4c0f59692ca0\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6802166 2dabc0967441fa71986f600327080d6e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 626820 92491a7eb12538f07c6afb27226b5c2e\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 1724548 b570f989ae99b4b9d380c1078628b5fe\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 2796746 d723644351e8bc28efb8cd6aad4ab4ff\r\n http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_sparc.deb\r\n Size/MD5: 6450038 2268c573218e176cb6fc7e7ca85f01a2\r\n\r\nUpdated packages for Ubuntu 10.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009-5ubuntu0.1.diff.gz\r\n Size/MD5: 57878 49fe58e3077e23c178b5582cbbef48b4\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009-5ubuntu0.1.dsc\r\n Size/MD5: 1504 15db436e0f5230b811304c9271766a72\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2009.orig.tar.gz\r\n Size/MD5: 51837345 71e96632cff062dd8d9e4aa4973c2d8e\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 176952 398d7696f52e07f9cf30f434e90d1542\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 133308 d6a7b2bf463f52efc6534a11f9d76613\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_amd64.deb\r\n Size/MD5: 8072588 91f8a29153b18eded17d91011557901a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 169134 e830e2a965117ca001588630bcc58a2d\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 129520 4c61c76d596df4cb659aa80cbc2520fb\r\n http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_i386.deb\r\n Size/MD5: 7438860 9f7e5f31da6d7fec3d60ebe363c797e0\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 178184 d6f96d0aeff12315b26a795ce5a7b780\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 134874 b272fee16f29d5313a8e72826b67db0c\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_powerpc.deb\r\n Size/MD5: 8317828 6e8d0e13b31c3527ba7c3f592fe9074d\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 173162 1b9f36e89af28691f4cded591d98185d\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea5_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 131604 52775233b790ce1648770202f6ca6a8a\r\n http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-binaries_2009-5ubuntu0.1_sparc.deb\r\n Size/MD5: 8162802 c1c70e46ce659cbcd4150b299eee618f\r\n\r\n\r\n", "edition": 1, "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:DOC:23813", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23813", "title": "[USN-937-1] TeX Live vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0829", "CVE-2010-1440", "CVE-2010-0827", "CVE-2010-0739"], "description": "Memory corruption on DVI files processing.", "edition": 1, "modified": "2010-05-11T00:00:00", "published": "2010-05-11T00:00:00", "id": "SECURITYVULNS:VULN:10824", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10824", "title": "dvipng / TeX Live memory corruption", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "description": "rPath Security Advisory: 2009-0061-1\r\nPublished: 2009-04-17\r\nProducts:\r\n rPath Linux 1\r\n rPath Linux 2\r\n\r\nRating: Severe\r\nExposure Level Classification:\r\n Remote System User Deterministic Privilege Escalation\r\nUpdated Versions:\r\n cups=conary.rpath.com@rpl:1/1.1.23-14.10-1\r\n cups=conary.rpath.com@rpl:2/1.3.9-1.1-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-3015\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\r\n\r\nDescription:\r\n Previous versions of CUPS contain multiple vulnerabilities, the\r\n most serious of which could allow an attacker to cause a denial\r\n of service or possibly execute arbitrary code.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2009-0061\r\n\r\nCopyright 2009 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "edition": 1, "modified": "2009-04-18T00:00:00", "published": "2009-04-18T00:00:00", "id": "SECURITYVULNS:DOC:21696", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21696", "title": "rPSA-2009-0061-1 cups", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0164", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "description": "Vulnerabilities on different formats data parsing.", "edition": 1, "modified": "2009-04-18T00:00:00", "published": "2009-04-18T00:00:00", "id": "SECURITYVULNS:VULN:9855", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9855", "title": "CUPS multipls security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-10-03T11:57:22", "description": "Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.", "edition": 3, "cvss3": {}, "published": "2010-05-07T18:24:00", "title": "CVE-2010-0829", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0829"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:jan-ake_larsson:dvipng:1.12", "cpe:/a:jan-ake_larsson:dvipng:1.11", "cpe:/a:tug:tetex:*"], "id": "CVE-2010-0829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0829", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:jan-ake_larsson:dvipng:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:jan-ake_larsson:dvipng:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:22", "description": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.", "edition": 5, "cvss3": {}, "published": "2009-10-21T17:30:00", "title": "CVE-2009-3608", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3608"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:poppler:poppler:0.9.3", "cpe:/a:poppler:poppler:0.5.1", "cpe:/a:poppler:poppler:0.12.0", "cpe:/a:poppler:poppler:0.4.3", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:poppler:poppler:0.5.0", "cpe:/a:poppler:poppler:0.7.3", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:poppler:poppler:0.3.1", "cpe:/a:poppler:poppler:0.5.3", "cpe:/a:poppler:poppler:0.8.0", "cpe:/a:poppler:poppler:0.5.9", "cpe:/a:poppler:poppler:0.1.2", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:poppler:poppler:0.3.3", "cpe:/a:poppler:poppler:0.11.3", "cpe:/a:poppler:poppler:0.4.4", "cpe:/a:poppler:poppler:0.10.6", "cpe:/a:poppler:poppler:0.7.1", "cpe:/a:foolabs:xpdf:3.02pl3", "cpe:/a:foolabs:xpdf:3.02pl1", "cpe:/a:poppler:poppler:0.5.2", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:poppler:poppler:0.4.0", "cpe:/a:poppler:poppler:0.8.6", "cpe:/a:poppler:poppler:0.6.2", "cpe:/a:poppler:poppler:0.11.2", "cpe:/a:poppler:poppler:0.8.4", "cpe:/a:poppler:poppler:0.4.2", "cpe:/a:poppler:poppler:0.5.4", "cpe:/a:poppler:poppler:0.8.1", "cpe:/a:poppler:poppler:0.6.0", "cpe:/a:poppler:poppler:0.7.2", "cpe:/a:poppler:poppler:0.1", "cpe:/a:poppler:poppler:0.3.2", "cpe:/a:poppler:poppler:0.11.0", "cpe:/a:poppler:poppler:0.3.0", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:poppler:poppler:0.8.3", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:poppler:poppler:0.4.1", "cpe:/a:poppler:poppler:0.2.0", "cpe:/a:poppler:poppler:0.11.1", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:poppler:poppler:0.10.7", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:poppler:poppler:0.6.1", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:foolabs:xpdf:3.02pl2", "cpe:/a:poppler:poppler:0.6.4", "cpe:/a:poppler:poppler:0.1.1", "cpe:/a:poppler:poppler:0.9.2", "cpe:/a:poppler:poppler:0.6.3", "cpe:/a:poppler:poppler:0.7.0", "cpe:/a:poppler:poppler:0.8.2"], "id": "CVE-2009-3608", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3608", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:12", "description": "Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.", "edition": 3, "cvss3": {}, "published": "2009-04-09T16:27:00", "title": "CVE-2009-1284", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1284"], "modified": "2013-04-19T02:49:00", "cpe": ["cpe:/a:bibtex:bibtex:0.99"], "id": "CVE-2009-1284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1284", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:bibtex:bibtex:0.99:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:37", "description": "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.", "edition": 5, "cvss3": {}, "published": "2010-05-07T18:24:00", "title": "CVE-2010-0827", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0827"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:tug:tex_live:2009", "cpe:/a:tug:tex_live:2003", "cpe:/a:tug:tetex:*", "cpe:/a:tug:tex_live:2007", "cpe:/a:tug:tex_live:2008", "cpe:/a:tug:tex_live:1999", "cpe:/a:tug:tex_live:2004", "cpe:/a:tug:tex_live:2001", "cpe:/a:tug:tex_live:2005", "cpe:/a:tug:tex_live:1998", "cpe:/a:tug:tex_live:2000", "cpe:/a:tug:tex_live:1996", "cpe:/a:tug:tex_live:2002"], "id": "CVE-2010-0827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0827", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tug:tex_live:2001:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2007:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1996:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2005:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2003:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2009:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2000:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1998:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2008:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2004:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1999:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2002:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:22", "description": "Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2010-04-16T18:30:00", "title": "CVE-2010-0739", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0739"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:tug:tex_live:*", "cpe:/a:tug:tetex:*"], "id": "CVE-2010-0739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0739", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tug:tex_live:*:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:38", "description": "Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.", "edition": 5, "cvss3": {}, "published": "2010-05-07T18:24:00", "title": "CVE-2010-1440", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1440"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:tug:tex_live:2009", "cpe:/a:tug:tex_live:2003", "cpe:/a:tug:tetex:*", "cpe:/a:tug:tex_live:2007", "cpe:/a:tug:tex_live:2008", "cpe:/a:tug:tex_live:1999", "cpe:/a:tug:tex_live:2004", "cpe:/a:tug:tex_live:2001", "cpe:/a:tug:tex_live:2005", "cpe:/a:tug:tex_live:1998", "cpe:/a:tug:tex_live:2000", "cpe:/a:tug:tex_live:1996", "cpe:/a:tug:tex_live:2002"], "id": "CVE-2010-1440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1440", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tug:tex_live:2001:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2007:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1996:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2005:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2003:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2009:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2000:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1998:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2008:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2004:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:1999:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tex_live:2002:*:*:*:*:*:*:*", "cpe:2.3:a:tug:tetex:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:16", "description": "Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.", "edition": 5, "cvss3": {}, "published": "2009-04-23T17:30:00", "title": "CVE-2009-0195", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0195"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:foolabs:xpdf:3.0.1", "cpe:/a:apple:cups:1.3.9", "cpe:/a:glyphandcog:xpdfreader:0.2"], "id": "CVE-2009-0195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0195", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:16", "description": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.", "edition": 5, "cvss3": {}, "published": "2009-04-23T17:30:00", "title": "CVE-2009-0147", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0147"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:apple:cups:1.1.1", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:apple:cups:1.2.2", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:apple:cups:1.1.19", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:apple:cups:1.3.10", "cpe:/a:apple:cups:1.1.8", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.3.11", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:apple:cups:1.2.3", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:apple:cups:1.1.10", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:apple:cups:1.2.11", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:apple:cups:1.2.0", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:apple:cups:1.3.9", "cpe:/a:glyphandcog:xpdfreader:0.2", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2009-0147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0147", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:16", "description": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.", "edition": 5, "cvss3": {}, "published": "2009-04-23T17:30:00", "title": "CVE-2009-0146", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:apple:cups:1.1.1", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:apple:cups:1.2.2", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:apple:cups:1.1.19", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:apple:cups:1.1.20", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.3.4", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:apple:cups:1.3.10", "cpe:/a:apple:cups:1.1.8", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.3.11", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:apple:cups:1.2.3", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:apple:cups:1.1.10", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:apple:cups:1.2.11", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:apple:cups:1.2.0", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:apple:cups:1.3.9", "cpe:/a:glyphandcog:xpdfreader:0.2", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2009-0146", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0146", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:16", "description": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.", "edition": 5, "cvss3": {}, "published": "2009-04-23T17:30:00", "title": "CVE-2009-0166", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0166"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:poppler:poppler:0.9.3", "cpe:/a:apple:cups:1.3.5", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:poppler:poppler:0.5.1", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:poppler:poppler:0.4.3", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.12", "cpe:/a:poppler:poppler:0.5.0", "cpe:/a:poppler:poppler:0.7.3", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:poppler:poppler:0.3.1", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.11", "cpe:/a:poppler:poppler:0.5.3", "cpe:/a:poppler:poppler:0.8.0", "cpe:/a:poppler:poppler:0.5.9", "cpe:/a:poppler:poppler:0.1.2", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:poppler:poppler:0.3.3", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:apple:cups:1.3.1", "cpe:/a:poppler:poppler:0.4.4", "cpe:/a:apple:cups:1.1.3", "cpe:/a:apple:cups:1.1.2", "cpe:/a:poppler:poppler:0.7.1", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:apple:cups:1.1.1", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.1", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:apple:cups:1.2.2", "cpe:/a:poppler:poppler:0.5.2", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:poppler:poppler:0.4.0", "cpe:/a:poppler:poppler:0.8.6", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:apple:cups:1.2.1", "cpe:/a:poppler:poppler:0.6.2", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:poppler:poppler:0.8.5", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:poppler:poppler:0.8.4", "cpe:/a:poppler:poppler:0.4.2", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:apple:cups:1.1.19", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:poppler:poppler:0.5.4", "cpe:/a:apple:cups:1.1.20", "cpe:/a:poppler:poppler:0.8.1", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:poppler:poppler:0.5.90", "cpe:/a:poppler:poppler:0.6.0", "cpe:/a:poppler:poppler:0.7.2", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.3.2", "cpe:/a:poppler:poppler:0.1", "cpe:/a:apple:cups:1.3.4", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:poppler:poppler:0.3.2", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:apple:cups:1.3.10", "cpe:/a:apple:cups:1.1.8", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:poppler:poppler:0.3.0", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:apple:cups:1.3.7", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:apple:cups:1.1.18", "cpe:/a:apple:cups:1.3.11", "cpe:/a:poppler:poppler:0.8.3", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:apple:cups:1.2.3", "cpe:/a:poppler:poppler:0.4.1", "cpe:/a:poppler:poppler:0.2.0", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:apple:cups:1.3.0", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.2.4", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:apple:cups:1.1.10", "cpe:/a:poppler:poppler:0.6.1", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:poppler:poppler:0.5.91", "cpe:/a:poppler:poppler:0.6.4", "cpe:/a:poppler:poppler:0.1.1", "cpe:/a:apple:cups:1.2.11", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:apple:cups:1.2.0", "cpe:/a:poppler:poppler:0.9.2", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:poppler:poppler:0.6.3", "cpe:/a:apple:cups:1.3.9", "cpe:/a:glyphandcog:xpdfreader:0.2", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.4", "cpe:/a:poppler:poppler:0.7.0", "cpe:/a:poppler:poppler:0.8.2", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2009-0166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0166", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0400\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI files\ninto the Portable Network Graphics (PNG) format. An attacker could create a\nmalicious DVI file that would cause the dvipng executable to crash.\n(CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia\nResearch, and Chris Rohlf, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028699.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028700.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0400.html", "edition": 3, "modified": "2010-05-28T10:47:02", "published": "2010-05-28T10:47:02", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028699.html", "id": "CESA-2010:0400", "title": "tetex security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0399\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, and Alin Rad Pop of Secunia\nResearch, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028673.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028674.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0399.html", "edition": 4, "modified": "2010-05-07T22:21:54", "published": "2010-05-07T22:21:31", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028673.html", "id": "CESA-2010:0399", "title": "tetex security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0791", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-3609", "CVE-2010-0739", "CVE-2007-5935"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0401\n\n\nteTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028671.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028672.html\n\n**Affected packages:**\ntetex\ntetex-afm\ntetex-doc\ntetex-dvips\ntetex-fonts\ntetex-latex\ntetex-xdvi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0401.html", "edition": 4, "modified": "2010-05-07T22:13:32", "published": "2010-05-07T22:13:10", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028671.html", "id": "CESA-2010:0401", "title": "tetex security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0791", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-3608", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0829", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nMultiple array index errors were found in the way teTeX converted DVI files\ninto the Portable Network Graphics (PNG) format. An attacker could create a\nmalicious DVI file that would cause the dvipng executable to crash.\n(CVE-2010-0829)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3608, CVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia\nResearch, and Chris Rohlf, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:49:27", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0400", "href": "https://access.redhat.com/errata/RHSA-2010:0400", "type": "redhat", "title": "(RHSA-2010:0400) Moderate: tetex security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5935", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0791", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nA heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0195)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. If a local user generated a PDF file from a\nTeX document, referencing a specially-crafted PDF file, it would cause\nXpdf to crash or, potentially, execute arbitrary code with the privileges\nof the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash or, potentially,\nexecute arbitrary code with the privileges of the user running pdflatex.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a\nlocal user generated a PDF file from a TeX document, referencing a\nspecially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, Will Dormann of the CERT/CC, and Alin Rad Pop of Secunia\nResearch, for responsibly reporting the Xpdf flaws.\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2017-09-08T11:58:52", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0399", "href": "https://access.redhat.com/errata/RHSA-2010:0399", "type": "redhat", "title": "(RHSA-2010:0399) Moderate: tetex security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5935", "CVE-2009-0791", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-1440"], "description": "teTeX is an implementation of TeX. TeX takes a text file and a set of\nformatting commands as input, and creates a typesetter-independent DeVice\nIndependent (DVI) file as output.\n\nA buffer overflow flaw was found in the way teTeX processed virtual font\nfiles when converting DVI files into PostScript. An attacker could create a\nmalicious DVI file that would cause the dvips executable to crash or,\npotentially, execute arbitrary code. (CVE-2010-0827)\n\nMultiple integer overflow flaws were found in the way teTeX processed\nspecial commands when converting DVI files into PostScript. An attacker\ncould create a malicious DVI file that would cause the dvips executable to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0739,\nCVE-2010-1440)\n\nA stack-based buffer overflow flaw was found in the way teTeX processed DVI\nfiles containing HyperTeX references with long titles, when converting them\ninto PostScript. An attacker could create a malicious DVI file that would\ncause the dvips executable to crash. (CVE-2007-5935)\n\nteTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\nfile viewer, to allow adding images in PDF format to the generated PDF\ndocuments. The following issues affect Xpdf code:\n\nMultiple integer overflow flaws were found in Xpdf. If a local user\ngenerated a PDF file from a TeX document, referencing a specially-crafted\nPDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running pdflatex. (CVE-2009-0791,\nCVE-2009-3609)\n\nAll users of tetex are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-05-26T04:26:18", "published": "2010-05-06T04:00:00", "id": "RHSA-2010:0401", "href": "https://access.redhat.com/errata/RHSA-2010:0401", "type": "redhat", "title": "(RHSA-2010:0401) Moderate: tetex security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2007-5936", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5937", "CVE-2009-1179"], "description": "[3.0-33.8.el5.5]\n- unify patches for CVE-2010-0739 and CVE-2010-1440\n[3.0-33.8.el5.4]\n- fix CVE-2010-1440 (#586819)\n[3.0-33.8.el5.3]\n- initialize data in arithmetic coder elsewhere (CVE-2009-0146)\n[3.0-33.8.el5.2]\n- initialize dataLen to properly fix CVE-2009-0146\n[3.0-33.8.el5.1]\n- fix CVE-2010-0739 CVE-2010-0829 CVE-2007-5936 CVE-2007-5937\nCVE-2009-0146 CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799\nCVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182\nCVE-2009-1183 CVE-2009-0791 CVE-2009-3608 CVE-2009-3609\nResolves: #577328 ", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0400", "href": "http://linux.oracle.com/errata/ELSA-2010-0400.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2007-5936", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5937", "CVE-2007-5935", "CVE-2009-1179"], "description": "[2.0.2-22.EL4.16]\n- fix last changelog entry\n[2.0.2-22.EL4.15]\n- unify patches for CVE-2010-0739 and CVE-2010-1440\n[2.0.2-22.EL4.14]\n- add missing check in the first hunk in Stream.cc for CVE-2009-0791\n[2.0.2-22.EL4.13]\n- add another hunk to CVE-2010-0827 patch to fix tfmload.c as well\n (https://bugzilla.redhat.com/show_bug.cgi?id=577322#c3)\n[2.0.2-22.0.1.EL4.12]\n- fix SELinux contexts after install\n[2.0.2-22.0.1.EL4.11]\n- fix CVE-2010-0827 CVE-2010-0739 CVE-2007-5935 CVE-2007-5936 CVE-2007-5937\nCVE-2009-0146 CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 CVE-2009-0799\nCVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182\nCVE-2009-1183 CVE-2009-0791 CVE-2009-3609\nResolves: #577322", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0399", "href": "http://linux.oracle.com/errata/ELSA-2010-0399.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0791", "CVE-2007-5936", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-3609", "CVE-2010-0739", "CVE-2007-5937", "CVE-2007-5935"], "description": "[1.0.7-67.19]\n- apply patch for CVE-2007-5935 in proper location\n[1.0.7-67.18]\n- add overflow check for CVE-2009-0791\n- unify pacthes for 2010-0739 and CVE-2010-1440\n[1.0.7-67.17]\n- fix version typos in the last changelog entries\n[1.0.7-67.16]\n- include limits.h for INT_MAX\n[1.0.7-67.15]\n- fix CVE-2009-0791 patch, xpdf in this old version doesn't know\n anything about GMEM_EXCEP\n[1.0.7-67.14]\n- add another hunk to CVE-2010-0827 patch to fix tfmload.c as well\n (https://bugzilla.redhat.com/show_bug.cgi?id=577322#c3)\n[1.0.7-67.13]\n- fix virtual fonts patch, CVE-2010-0827\n (https://bugzilla.redhat.com/show_bug.cgi?id=572914#c11)\n[1.0.7-67.12]\n- fix CVE-2007-5935 CVE-2007-5936 CVE-2007-5937 CVE-2009-0791 CVE-2009-3609\nCVE-2010-0739 CVE-2010-0827\nResolves: #577309", "edition": 4, "modified": "2010-05-06T00:00:00", "published": "2010-05-06T00:00:00", "id": "ELSA-2010-0401", "href": "http://linux.oracle.com/errata/ELSA-2010-0401.html", "title": "tetex security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "description": "New cups packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/cups-1.3.10-i486-1_slack12.2.tgz:\n Upgraded to cups-1.3.10.\n This fixes several security issues, including an integer overflow in the TIFF\n decoder, a failure to properly verify the Host HTTP header, and several\n problems with PDF handling (the new CUPS uses a wrapper rather than embedded\n code taken from xpdf). These issues could result in a denial of service or\n the execution of arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/cups-1.3.10-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/cups-1.3.10-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/cups-1.3.10-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/cups-1.3.10-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\ndbf34b8eb6f942ae8cb14ab43e5d3abf cups-1.3.10-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n96e3963385de424bd0455760ecf70944 cups-1.3.10-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nccb8896aeb41dd321af8318e51e9f8d2 cups-1.3.10-i486-1_slack12.2.tgz\n\nSlackware -current package:\nf7bd3fa36e2c2741ad029ed07fa4425b cups-1.3.10-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg cups-1.3.10-i486-1_slack12.2.tgz\n\nIf the machine is running the CUPS server, restart it:\n\n > sh /etc/rc.d/rc.cups restart", "modified": "2009-04-26T15:50:34", "published": "2009-04-26T15:50:34", "id": "SSA-2009-116-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448542", "type": "slackware", "title": "cups", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "description": "\nGentoo security team summarizes:\n\nThe following issues were reported in CUPS:\n\niDefense reported an integer overflow in the\n\t _cupsImageReadTIFF() function in the \"imagetops\" filter,\n\t leading to a heap-based buffer overflow (CVE-2009-0163).\nAaron Siegel of Apple Product Security reported that the\n\t CUPS web interface does not verify the content of the \"Host\"\n\t HTTP header properly (CVE-2009-0164).\nBraden Thomas and Drew Yao of Apple Product Security\n\t reported that CUPS is vulnerable to CVE-2009-0146,\n\t CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and\n\t poppler.\n\nA remote attacker might send or entice a user to send a\n\t specially crafted print job to CUPS, possibly resulting in the\n\t execution of arbitrary code with the privileges of the\n\t configured CUPS user -- by default this is \"lp\", or a Denial\n\t of Service. Furthermore, the web interface could be used to\n\t conduct DNS rebinding attacks.\n\n", "edition": 4, "modified": "2009-05-13T00:00:00", "published": "2009-05-05T00:00:00", "id": "736E55BC-39BB-11DE-A493-001B77D09812", "href": "https://vuxml.freebsd.org/freebsd/736e55bc-39bb-11de-a493-001b77d09812.html", "title": "cups -- remote code execution and DNS rebinding", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
