CentOS Update for kdegraphics CESA-2009:1512 centos4 i386

CentOS Update for kdegraphics CESA-2009:1512 centos4 i386. Multiple integer overflow flaws were found in KPDF, a viewer for PDF files, which could allow attackers to execute arbitrary code. Please Install the Updated Packages

Reporter	Title	Published	Views	Family All 485
ALT Linux	Security fix for the ALT Linux 5 package xpdf version 3.02-alt5	22 Apr 200900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 5 package xpdf version 3.02-alt7	15 Nov 200900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 5 package poppler5 version 0.12.1-alt1	19 Oct 200900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt3	19 Oct 200900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 5 package poppler5 version 0.10.6-alt1	20 Apr 200900:00	–	altlinux
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	6 Jul 201600:00	–	bdu_fstec

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2009-October/016193.html

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for kdegraphics CESA-2009:1512 centos4 i386
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The kdegraphics packages contain applications for the K Desktop
  Environment, including KPDF, a viewer for Portable Document Format (PDF)
  files.

  Multiple integer overflow flaws were found in KPDF. An attacker could
  create a malicious PDF file that would cause KPDF to crash or, potentially,
  execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
  CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)
  
  Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
  issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.
  
  Users are advised to upgrade to these updated packages, which contain a
  backported patch to resolve these issues.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "kdegraphics on CentOS 4";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2009-October/016193.html");
  script_id(880906);
  script_version("$Revision: 6653 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "CESA", value: "2009:1512");
  script_cve_id("CVE-2009-0791", "CVE-2009-1188", "CVE-2009-3604", "CVE-2009-3608", "CVE-2009-3609");
  script_name("CentOS Update for kdegraphics CESA-2009:1512 centos4 i386");

  script_summary("Check for the Version of kdegraphics");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"kdegraphics", rpm:"kdegraphics~3.3.1~15.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kdegraphics-devel", rpm:"kdegraphics-devel~3.3.1~15.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

10 Jul 2017 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.10228