{"id": "RHSA-2009:1123", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2009:1123) Moderate: gstreamer-plugins-good security update", "description": "GStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.", "published": "2009-06-25T00:00:00", "modified": "2017-09-08T07:49:17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2009:1123", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-1932"], "immutableFields": [], "lastseen": "2021-10-21T04:44:44", "viewCount": 1, "enchantments": {"score": {"value": 7.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:1123"]}, {"type": "cve", "idList": ["CVE-2009-1932"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1839-1:E5280"]}, {"type": "gentoo", "idList": ["GLSA-200907-11"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-1123.NASL", "DEBIAN_DSA-1839.NASL", "GENTOO_GLSA-200907-11.NASL", "MANDRIVA_MDVSA-2009-130.NASL", "ORACLELINUX_ELSA-2009-1123.NASL", "REDHAT-RHSA-2009-1123.NASL", "SL_20090625_GSTREAMER_PLUGINS_GOOD_ON_SL5_X.NASL", "SUSE_11_0_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "SUSE_11_1_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "SUSE_11_2_GSTREAMER-0_10-PLUGINS-GOOD-091218.NASL", "SUSE_11_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "SUSE_GSTREAMER010-PLUGINS-GOOD-6293.NASL", "SUSE_GSTREAMER010-PLUGINS-GOOD-6295.NASL", "UBUNTU_USN-789-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122471", "OPENVAS:136141256231064181", "OPENVAS:136141256231064276", "OPENVAS:136141256231064329", "OPENVAS:136141256231064433", "OPENVAS:136141256231064477", "OPENVAS:136141256231065684", "OPENVAS:136141256231065950", "OPENVAS:136141256231066393", "OPENVAS:1361412562310880798", "OPENVAS:64181", "OPENVAS:64276", "OPENVAS:64318", "OPENVAS:64329", "OPENVAS:64433", "OPENVAS:64477", "OPENVAS:65684", "OPENVAS:65950", "OPENVAS:66393", "OPENVAS:880798"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1123"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21959", "SECURITYVULNS:VULN:9967"]}, {"type": "ubuntu", "idList": ["USN-789-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1932"]}], "rev": 4}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:1123"]}, {"type": "cve", "idList": ["CVE-2009-1932"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1839-1:E5280"]}, {"type": "gentoo", "idList": ["GLSA-200907-11"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200907-11.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:66393"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1123"]}, {"type": "ubuntu", "idList": ["USN-789-1"]}]}, "exploitation": null, "vulnersScore": 7.8}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.s390x.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.s390x.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.i386.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.src.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.s390.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.ppc64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.ppc.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.x86_64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.i386.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.x86_64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.ia64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.ppc64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-devel-0.10.9-1.el5_3.2.ppc.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good-devel"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageVersion": "0.10.9-1.el5_3.2", "packageFilename": "gstreamer-plugins-good-0.10.9-1.el5_3.2.ia64.rpm", "operator": "lt", "packageName": "gstreamer-plugins-good"}], "vendorCvss": {"severity": "moderate"}, "_state": {"dependencies": 1646893701}}

{"nessus": [{"lastseen": "2021-08-19T13:07:16", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer (CVE-2009-1932).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "href": "https://www.tenable.com/plugins/nessus/39978", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gstreamer-0_10-plugins-good-989.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39978);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 13:56:46\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-989)\");\n script_summary(english:\"Check for the gstreamer-0_10-plugins-good-989 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer (CVE-2009-1932).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=510292\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gstreamer-0_10-plugins-good-0.10.7-38.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.7-38.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.7-38.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good / gstreamer-0_10-plugins-good-extra / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:05:13", "description": "It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the 'good' set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1839-1 : gst-plugins-good0.10 - integer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gst-plugins-good0.10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1839.NASL", "href": "https://www.tenable.com/plugins/nessus/44704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1839. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44704);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"DSA\", value:\"1839\");\n\n script_name(english:\"Debian DSA-1839-1 : gst-plugins-good0.10 - integer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It has been discovered that gst-plugins-good0.10, the GStreamer\nplugins from the 'good' set, are prone to an integer overflow, when\nprocessing a large PNG file. This could lead to the execution of\narbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1839\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gst-plugins-good0.10 packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.10.8-4.1~lenny2.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.4-4+etch1.\n\nPackages for the s390 and hppa architectures will be released once\nthey are available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gst-plugins-good0.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"gstreamer0.10-esd\", reference:\"0.10.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"gstreamer0.10-plugins-good\", reference:\"0.10.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"gstreamer0.10-plugins-good-dbg\", reference:\"0.10.4-4+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"gstreamer0.10-plugins-good-doc\", reference:\"0.10.4-4+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"gstreamer0.10-esd\", reference:\"0.10.8-4.1~lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"gstreamer0.10-plugins-good\", reference:\"0.10.8-4.1~lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"gstreamer0.10-plugins-good-dbg\", reference:\"0.10.8-4.1~lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"gstreamer0.10-plugins-good-doc\", reference:\"0.10.8-4.1~lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:05:32", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer (CVE-2009-1932).", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-1717)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_GSTREAMER-0_10-PLUGINS-GOOD-091218.NASL", "href": "https://www.tenable.com/plugins/nessus/43813", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gstreamer-0_10-plugins-good-1717.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43813);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/24 13:56:47\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-1717)\");\n script_summary(english:\"Check for the gstreamer-0_10-plugins-good-1717 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer (CVE-2009-1932).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=510292\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gstreamer-0_10-plugins-good-0.10.15-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.15-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.15-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good / gstreamer-0_10-plugins-good-extra / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:12", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer (CVE-2009-1932).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "href": "https://www.tenable.com/plugins/nessus/40228", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gstreamer-0_10-plugins-good-989.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40228);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 13:56:47\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (gstreamer-0_10-plugins-good-989)\");\n script_summary(english:\"Check for the gstreamer-0_10-plugins-good-989 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer (CVE-2009-1932).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=510292\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gstreamer-0_10-plugins-good-0.10.10-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.10-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.10-3.22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good / gstreamer-0_10-plugins-good-extra / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:41", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer. (CVE-2009-1932)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : gstreamer (ZYPP Patch Number 6293)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GSTREAMER010-PLUGINS-GOOD-6293.NASL", "href": "https://www.tenable.com/plugins/nessus/41518", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41518);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 13:56:49\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"SuSE 10 Security Update : gstreamer (ZYPP Patch Number 6293)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer. (CVE-2009-1932)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1932.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6293.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gstreamer010-plugins-good-0.10.2-16.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gstreamer010-plugins-good-doc-0.10.2-16.23\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gstreamer010-plugins-good-extra-0.10.2-16.23\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"gstreamer010-plugins-good-0.10.2-16.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:37", "description": "Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-23T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gst-plugins-good0.10 vulnerability (USN-789-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-esd", "p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good", "p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good-dbg", "p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good-doc", "p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-pulseaudio", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-789-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-789-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39491);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"USN\", value:\"789-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gst-plugins-good0.10 vulnerability (USN-789-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tielei Wang discovered that GStreamer Good Plugins did not correctly\nhandle malformed PNG image files. If a user were tricked into opening\na crafted PNG image file with a GStreamer application, an attacker\ncould cause a denial of service via application crash, or possibly\nexecute arbitrary code with the privileges of the user invoking the\nprogram.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/789-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-plugins-good-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gstreamer0.10-esd\", pkgver:\"0.10.3-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gstreamer0.10-plugins-good\", pkgver:\"0.10.3-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gstreamer0.10-plugins-good-dbg\", pkgver:\"0.10.3-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"gstreamer0.10-plugins-good-doc\", pkgver:\"0.10.3-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gstreamer0.10-esd\", pkgver:\"0.10.7-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gstreamer0.10-plugins-good\", pkgver:\"0.10.7-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gstreamer0.10-plugins-good-dbg\", pkgver:\"0.10.7-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gstreamer0.10-plugins-good-doc\", pkgver:\"0.10.7-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gstreamer0.10-esd\", pkgver:\"0.10.10.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gstreamer0.10-plugins-good\", pkgver:\"0.10.10.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gstreamer0.10-plugins-good-dbg\", pkgver:\"0.10.10.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gstreamer0.10-plugins-good-doc\", pkgver:\"0.10.10.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gstreamer0.10-pulseaudio\", pkgver:\"0.10.10.4-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gstreamer0.10-esd\", pkgver:\"0.10.14-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gstreamer0.10-plugins-good\", pkgver:\"0.10.14-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gstreamer0.10-plugins-good-dbg\", pkgver:\"0.10.14-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gstreamer0.10-plugins-good-doc\", pkgver:\"0.10.14-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gstreamer0.10-pulseaudio\", pkgver:\"0.10.14-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer0.10-esd / gstreamer0.10-plugins-good / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:05:25", "description": "Updated gstreamer-plugins-good packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute arbitrary code as the user running the application when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, all applications using GStreamer Good Plug-ins (such as some media playing applications) must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : gstreamer-plugins-good (CESA-2009:1123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gstreamer-plugins-good", "p-cpe:/a:centos:centos:gstreamer-plugins-good-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1123.NASL", "href": "https://www.tenable.com/plugins/nessus/43761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1123 and \n# CentOS Errata and Security Advisory 2009:1123 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43761);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"RHSA\", value:\"2009:1123\");\n\n script_name(english:\"CentOS 5 : gstreamer-plugins-good (CESA-2009:1123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gstreamer-plugins-good packages that fix multiple security\nissues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters\nwhich operate on media data. GStreamer Good Plug-ins is a collection\nof well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow,\nwere found in the GStreamer Good Plug-ins PNG decoding handler. An\nattacker could create a specially crafted PNG file that would cause an\napplication using the GStreamer Good Plug-ins library to crash or,\npotentially, execute arbitrary code as the user running the\napplication when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these\nupdated packages, which contain a backported patch to correct these\nissues. After installing the update, all applications using GStreamer\nGood Plug-ins (such as some media playing applications) must be\nrestarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/016005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aaacfb9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/016006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?089dbb72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gstreamer-plugins-good-devel-0.10.9-1.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:34", "description": "Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow (CVE-2009-1932).\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "cvss3": {"score": null, "vector": null}, "published": "2009-06-08T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gstreamer0.10-plugins-good (MDVSA-2009:130-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gstreamer0.10-aalib", "p-cpe:/a:mandriva:linux:gstreamer0.10-caca", "p-cpe:/a:mandriva:linux:gstreamer0.10-dv", "p-cpe:/a:mandriva:linux:gstreamer0.10-esound", "p-cpe:/a:mandriva:linux:gstreamer0.10-flac", "p-cpe:/a:mandriva:linux:gstreamer0.10-plugins-good", "p-cpe:/a:mandriva:linux:gstreamer0.10-raw1394", "p-cpe:/a:mandriva:linux:gstreamer0.10-speex", "p-cpe:/a:mandriva:linux:gstreamer0.10-wavpack", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-130.NASL", "href": "https://www.tenable.com/plugins/nessus/39322", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:130. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39322);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"MDVSA\", value:\"2009:130-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gstreamer0.10-plugins-good (MDVSA-2009:130-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in the (1) user_info_callback, (2)\nuser_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka\ngst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted PNG file, which triggers a buffer overflow\n(CVE-2009-1932).\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-aalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-caca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-dv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-raw1394\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer0.10-wavpack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-aalib-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-caca-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-dv-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-esound-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-flac-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-plugins-good-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-raw1394-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-speex-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gstreamer0.10-wavpack-0.10.6-3.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:35", "description": "From Red Hat Security Advisory 2009:1123 :\n\nUpdated gstreamer-plugins-good packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute arbitrary code as the user running the application when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, all applications using GStreamer Good Plug-ins (such as some media playing applications) must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gstreamer-plugins-good (ELSA-2009-1123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gstreamer-plugins-good", "p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1123.NASL", "href": "https://www.tenable.com/plugins/nessus/67879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1123 and \n# Oracle Linux Security Advisory ELSA-2009-1123 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67879);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"RHSA\", value:\"2009:1123\");\n\n script_name(english:\"Oracle Linux 5 : gstreamer-plugins-good (ELSA-2009-1123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1123 :\n\nUpdated gstreamer-plugins-good packages that fix multiple security\nissues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters\nwhich operate on media data. GStreamer Good Plug-ins is a collection\nof well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow,\nwere found in the GStreamer Good Plug-ins PNG decoding handler. An\nattacker could create a specially crafted PNG file that would cause an\napplication using the GStreamer Good Plug-ins library to crash or,\npotentially, execute arbitrary code as the user running the\napplication when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these\nupdated packages, which contain a backported patch to correct these\nissues. After installing the update, all applications using GStreamer\nGood Plug-ins (such as some media playing applications) must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-June/001054.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gstreamer-plugins-good-devel-0.10.9-1.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:22", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer (CVE-2009-1932).", "cvss3": {"score": null, "vector": null}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : gstreamer010-plugins-good (gstreamer010-plugins-good-6295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer010-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer010-plugins-good-extra", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_GSTREAMER010-PLUGINS-GOOD-6295.NASL", "href": "https://www.tenable.com/plugins/nessus/42004", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gstreamer010-plugins-good-6295.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42004);\n script_version (\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 13:56:49\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"openSUSE 10 Security Update : gstreamer010-plugins-good (gstreamer010-plugins-good-6295)\");\n script_summary(english:\"Check for the gstreamer010-plugins-good-6295 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer (CVE-2009-1932).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer010-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer010-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer010-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gstreamer010-plugins-good-0.10.6-41.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gstreamer010-plugins-good-extra-0.10.6-41.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer010-plugins-good / gstreamer010-plugins-good-extra\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:51", "description": "Specially crafted files could cause integer overflows in the PNG decoding module of GStreamer. (CVE-2009-1932)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : gstreamer (SAT Patch Number 984)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good-doc", "p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GSTREAMER-0_10-PLUGINS-GOOD-090609.NASL", "href": "https://www.tenable.com/plugins/nessus/41401", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41401);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 13:56:48\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"SuSE 11 Security Update : gstreamer (SAT Patch Number 984)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted files could cause integer overflows in the PNG\ndecoding module of GStreamer. (CVE-2009-1932)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=510292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1932.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 984.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gstreamer-0_10-plugins-good-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"gstreamer-0_10-plugins-good-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"gstreamer-0_10-plugins-good-doc-0.10.10-4.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"gstreamer-0_10-plugins-good-lang-0.10.10-4.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:31", "description": "Multiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute arbitrary code as the user running the application when parsed. (CVE-2009-1932)\n\nAfter installing the update, all applications using GStreamer Good Plug-ins (such as some media playing applications) must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gstreamer-plugins-good on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090625_GSTREAMER_PLUGINS_GOOD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60602", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60602);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1932\");\n\n script_name(english:\"Scientific Linux Security Update : gstreamer-plugins-good on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws, that could lead to a buffer overflow,\nwere found in the GStreamer Good Plug-ins PNG decoding handler. An\nattacker could create a specially crafted PNG file that would cause an\napplication using the GStreamer Good Plug-ins library to crash or,\npotentially, execute arbitrary code as the user running the\napplication when parsed. (CVE-2009-1932)\n\nAfter installing the update, all applications using GStreamer Good\nPlug-ins (such as some media playing applications) must be restarted\nfor the changes to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=2327\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86833644\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good and / or\ngstreamer-plugins-good-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gstreamer-plugins-good-devel-0.10.9-1.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:31", "description": "Updated gstreamer-plugins-good packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute arbitrary code as the user running the application when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the update, all applications using GStreamer Good Plug-ins (such as some media playing applications) must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-26T00:00:00", "type": "nessus", "title": "RHEL 5 : gstreamer-plugins-good (RHSA-2009:1123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1123.NASL", "href": "https://www.tenable.com/plugins/nessus/39526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1123. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39526);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1932\");\n script_xref(name:\"RHSA\", value:\"2009:1123\");\n\n script_name(english:\"RHEL 5 : gstreamer-plugins-good (RHSA-2009:1123)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gstreamer-plugins-good packages that fix multiple security\nissues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nGStreamer is a streaming media framework, based on graphs of filters\nwhich operate on media data. GStreamer Good Plug-ins is a collection\nof well-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow,\nwere found in the GStreamer Good Plug-ins PNG decoding handler. An\nattacker could create a specially crafted PNG file that would cause an\napplication using the GStreamer Good Plug-ins library to crash or,\npotentially, execute arbitrary code as the user running the\napplication when parsed. (CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these\nupdated packages, which contain a backported patch to correct these\nissues. After installing the update, all applications using GStreamer\nGood Plug-ins (such as some media playing applications) must be\nrestarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1123\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good and / or\ngstreamer-plugins-good-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1123\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-0.10.9-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gstreamer-plugins-good-devel-0.10.9-1.el5_3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:19", "description": "The remote host is affected by the vulnerability described in GLSA-200907-11 (GStreamer plug-ins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in several GStreamer plug-ins:\n Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemux_parse_samples() function in gst-plugins-good when processing a QuickTime media .mov file (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397).\n Thomas Hoger of the Red Hat Security Response Team reported an integer overflow that can lead to a heap-based buffer overflow in the gst_vorbis_tag_add_coverart() function in gst-plugins-base when processing COVERART tags (CVE-2009-0586).\n Tielei Wang of ICST-ERCIS, Peking University reported multiple integer overflows leading to buffer overflows in gst-plugins-libpng when processing a PNG file (CVE-2009-1932).\n Impact :\n\n A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-13T00:00:00", "type": "nessus", "title": "GLSA-200907-11 : GStreamer plug-ins: User-assisted execution of arbitrary code", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0386", "CVE-2009-0387", "CVE-2009-0397", "CVE-2009-0586", "CVE-2009-1932"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gst-plugins-base", "p-cpe:/a:gentoo:linux:gst-plugins-good", "p-cpe:/a:gentoo:linux:gst-plugins-libpng", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200907-11.NASL", "href": "https://www.tenable.com/plugins/nessus/39782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200907-11.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39782);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0386\", \"CVE-2009-0387\", \"CVE-2009-0397\", \"CVE-2009-0586\", \"CVE-2009-1932\");\n script_bugtraq_id(33405, 34100);\n script_xref(name:\"GLSA\", value:\"200907-11\");\n\n script_name(english:\"GLSA-200907-11 : GStreamer plug-ins: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200907-11\n(GStreamer plug-ins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been reported in several GStreamer\n plug-ins:\n Tobias Klein reported two heap-based buffer overflows and an array\n index error in the qtdemux_parse_samples() function in gst-plugins-good\n when processing a QuickTime media .mov file (CVE-2009-0386,\n CVE-2009-0387, CVE-2009-0397).\n Thomas Hoger of the Red Hat Security Response Team reported an integer\n overflow that can lead to a heap-based buffer overflow in the\n gst_vorbis_tag_add_coverart() function in gst-plugins-base when\n processing COVERART tags (CVE-2009-0586).\n Tielei Wang of ICST-ERCIS, Peking University reported multiple integer\n overflows leading to buffer overflows in gst-plugins-libpng when\n processing a PNG file (CVE-2009-1932).\n \nImpact :\n\n A remote attacker could entice a user or automated system using a\n GStreamer plug-in to process a specially crafted file, resulting in the\n execution of arbitrary code or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200907-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gst-plugins-good users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-good-0.10.14'\n All gst-plugins-base users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-base-0.10.22'\n All gst-plugins-libpng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-libpng-0.10.14-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-plugins/gst-plugins-libpng\", unaffected:make_list(\"ge 0.10.14-r1\"), vulnerable:make_list(\"lt 0.10.14-r1\"))) flag++;\nif (qpkg_check(package:\"media-libs/gst-plugins-base\", unaffected:make_list(\"ge 0.10.22\"), vulnerable:make_list(\"lt 0.10.22\"))) flag++;\nif (qpkg_check(package:\"media-libs/gst-plugins-good\", unaffected:make_list(\"ge 0.10.14\"), vulnerable:make_list(\"lt 0.10.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GStreamer plug-ins\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:56:58", "description": "The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66393", "href": "http://plugins.openvas.org/nasl.php?oid=66393", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_130_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the (1) user_info_callback,\n(2) user_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka\ngst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted PNG file, which triggers a buffer overflow\n(CVE-2009-1932).\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:130-1\";\ntag_summary = \"The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130-1.\";\n\n \n\nif(description)\n{\n script_id(66393);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:06", "description": "The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory DSA 1839-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1839-1 (gst-plugins-good0.10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064477", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1839_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1839-1 (gst-plugins-good0.10)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It has been discovered that gst-plugins-good0.10, the GStreamer plugins\nfrom the good set, are prone to an integer overflow, when processing\na large PNG file. This could lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.10.8-4.1~lenny2.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.4-4+etch1.\n\nPackages for the s390 and hppa architectures will be released once they\nare available.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.10.15-2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\";\ntag_summary = \"The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory DSA 1839-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201839-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64477\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1839-1 (gst-plugins-good0.10)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:52", "description": "The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066393", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066393", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_130_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the (1) user_info_callback,\n(2) user_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka\ngst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted PNG file, which triggers a buffer overflow\n(CVE-2009-1932).\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:130-1\";\ntag_summary = \"The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66393\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.6~3.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:19", "description": "The remote host is missing updates to gstreamer-plugins-good announced in\nadvisory CESA-2009:1123.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64329", "href": "http://plugins.openvas.org/nasl.php?oid=64329", "sourceData": "#CESA-2009:1123 64329 2\n# $Id: ovcesa2009_1123.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1123 (gstreamer-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1123\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1123\nhttps://rhn.redhat.com/errata/RHSA-2009-1123.html\";\ntag_summary = \"The remote host is missing updates to gstreamer-plugins-good announced in\nadvisory CESA-2009:1123.\";\n\n\n\nif(description)\n{\n script_id(64329);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer010-plugins-good\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for gstreamer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65950", "href": "http://plugins.openvas.org/nasl.php?oid=65950", "sourceData": "#\n#VID slesp2-gstreamer010-plugins-good-6293\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gstreamer\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer010-plugins-good\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65950);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for gstreamer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer010-plugins-good\", rpm:\"gstreamer010-plugins-good~0.10.2~16.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:55", "description": "Check for the Version of gstreamer-plugins-good", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880798", "href": "http://plugins.openvas.org/nasl.php?oid=880798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GStreamer is a streaming media framework, based on graphs of filters which\n operate on media data. GStreamer Good Plug-ins is a collection of\n well-supported, good quality GStreamer plug-ins.\n\n Multiple integer overflow flaws, that could lead to a buffer overflow, were\n found in the GStreamer Good Plug-ins PNG decoding handler. An attacker\n could create a specially-crafted PNG file that would cause an application\n using the GStreamer Good Plug-ins library to crash or, potentially, execute\n arbitrary code as the user running the application when parsed.\n (CVE-2009-1932)\n \n All users of gstreamer-plugins-good are advised to upgrade to these updated\n packages, which contain a backported patch to correct these issues. After\n installing the update, all applications using GStreamer Good Plug-ins (such\n as some media playing applications) must be restarted for the changes to\n take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gstreamer-plugins-good on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-June/016005.html\");\n script_id(880798);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1123\");\n script_cve_id(\"CVE-2009-1932\");\n script_name(\"CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386\");\n\n script_summary(\"Check for the Version of gstreamer-plugins-good\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:43", "description": "The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory DSA 1839-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1839-1 (gst-plugins-good0.10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64477", "href": "http://plugins.openvas.org/nasl.php?oid=64477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1839_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1839-1 (gst-plugins-good0.10)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It has been discovered that gst-plugins-good0.10, the GStreamer plugins\nfrom the good set, are prone to an integer overflow, when processing\na large PNG file. This could lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.10.8-4.1~lenny2.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.4-4+etch1.\n\nPackages for the s390 and hppa architectures will be released once they\nare available.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.10.15-2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\";\ntag_summary = \"The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory DSA 1839-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201839-1\";\n\n\nif(description)\n{\n script_id(64477);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1839-1 (gst-plugins-good0.10)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.4-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.8-4.1~lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-June/016005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880798\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1123\");\n script_cve_id(\"CVE-2009-1932\");\n script_name(\"CentOS Update for gstreamer-plugins-good CESA-2009:1123 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on CentOS 5\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework, based on graphs of filters which\n operate on media data. GStreamer Good Plug-ins is a collection of\n well-supported, good quality GStreamer plug-ins.\n\n Multiple integer overflow flaws, that could lead to a buffer overflow, were\n found in the GStreamer Good Plug-ins PNG decoding handler. An attacker\n could create a specially-crafted PNG file that would cause an application\n using the GStreamer Good Plug-ins library to crash or, potentially, execute\n arbitrary code as the user running the application when parsed.\n (CVE-2009-1932)\n\n All users of gstreamer-plugins-good are advised to upgrade to these updated\n packages, which contain a backported patch to correct these issues. After\n installing the update, all applications using GStreamer Good Plug-ins (such\n as some media playing applications) must be restarted for the changes to\n take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:15", "description": "Oracle Linux Local Security Checks ELSA-2009-1123", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1123", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122471", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1123.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122471\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:05 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1123\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1123 - gstreamer-plugins-good security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1123\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1123.html\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:44", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1123.\n\nGStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1123", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64276", "href": "http://plugins.openvas.org/nasl.php?oid=64276", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1123.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1123 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1123.\n\nGStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64276);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1123\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1123.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:19", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer-0_10-plugins-good\n gstreamer-0_10-plugins-good-doc\n gstreamer-0_10-plugins-good-lang\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for gstreamer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065684", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065684", "sourceData": "#\n#VID e3f7d863f6867202ad78ce023a8c99e9\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gstreamer\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer-0_10-plugins-good\n gstreamer-0_10-plugins-good-doc\n gstreamer-0_10-plugins-good-lang\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=510292\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65684\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for gstreamer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good\", rpm:\"gstreamer-0_10-plugins-good~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-doc\", rpm:\"gstreamer-0_10-plugins-good-doc~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-lang\", rpm:\"gstreamer-0_10-plugins-good-lang~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:27", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer010-plugins-good\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for gstreamer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065950", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065950", "sourceData": "#\n#VID slesp2-gstreamer010-plugins-good-6293\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gstreamer\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer010-plugins-good\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65950\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for gstreamer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer010-plugins-good\", rpm:\"gstreamer010-plugins-good~0.10.2~16.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:20", "description": "The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130.", "cvss3": {}, "published": "2009-06-09T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064181", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064181", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_130.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the (1) user_info_callback,\n(2) user_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka\ngst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted PNG file, which triggers a buffer overflow\n(CVE-2009-1932).\n\nAffected: 2008.1, 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:130\";\ntag_summary = \"The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64181\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-09 19:38:29 +0200 (Tue, 09 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-pulse\", rpm:\"gstreamer0.10-pulse~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-soup\", rpm:\"gstreamer0.10-soup~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-pulse\", rpm:\"gstreamer0.10-pulse~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-soup\", rpm:\"gstreamer0.10-soup~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:32", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1123.\n\nGStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1123", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064276", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064276", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1123.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1123 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1123.\n\nGStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64276\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1123\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1123.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:04", "description": "The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130.", "cvss3": {}, "published": "2009-06-09T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64181", "href": "http://plugins.openvas.org/nasl.php?oid=64181", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_130.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the (1) user_info_callback,\n(2) user_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka\ngst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted PNG file, which triggers a buffer overflow\n(CVE-2009-1932).\n\nAffected: 2008.1, 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:130\";\ntag_summary = \"The remote host is missing an update to gstreamer0.10-plugins-good\nannounced via advisory MDVSA-2009:130.\";\n\n \n\nif(description)\n{\n script_id(64181);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-09 19:38:29 +0200 (Tue, 09 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.7~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-pulse\", rpm:\"gstreamer0.10-pulse~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-soup\", rpm:\"gstreamer0.10-soup~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.10~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-aalib\", rpm:\"gstreamer0.10-aalib~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-caca\", rpm:\"gstreamer0.10-caca~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-dv\", rpm:\"gstreamer0.10-dv~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-esound\", rpm:\"gstreamer0.10-esound~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-flac\", rpm:\"gstreamer0.10-flac~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-plugins-good\", rpm:\"gstreamer0.10-plugins-good~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-pulse\", rpm:\"gstreamer0.10-pulse~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-raw1394\", rpm:\"gstreamer0.10-raw1394~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-soup\", rpm:\"gstreamer0.10-soup~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-speex\", rpm:\"gstreamer0.10-speex~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer0.10-wavpack\", rpm:\"gstreamer0.10-wavpack~0.10.14~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer-0_10-plugins-good\n gstreamer-0_10-plugins-good-doc\n gstreamer-0_10-plugins-good-lang\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for gstreamer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65684", "href": "http://plugins.openvas.org/nasl.php?oid=65684", "sourceData": "#\n#VID e3f7d863f6867202ad78ce023a8c99e9\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for gstreamer\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gstreamer-0_10-plugins-good\n gstreamer-0_10-plugins-good-doc\n gstreamer-0_10-plugins-good-lang\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=510292\");\n script_id(65684);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for gstreamer\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good\", rpm:\"gstreamer-0_10-plugins-good~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-doc\", rpm:\"gstreamer-0_10-plugins-good-doc~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-lang\", rpm:\"gstreamer-0_10-plugins-good-lang~0.10.10~4.9.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:02", "description": "The remote host is missing updates to gstreamer-plugins-good announced in\nadvisory CESA-2009:1123.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064329", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064329", "sourceData": "#CESA-2009:1123 64329 2\n# $Id: ovcesa2009_1123.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1123 (gstreamer-plugins-good)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1123\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1123\nhttps://rhn.redhat.com/errata/RHSA-2009-1123.html\";\ntag_summary = \"The remote host is missing updates to gstreamer-plugins-good announced in\nadvisory CESA-2009:1123.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64329\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1123 (gstreamer-plugins-good)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.9~1.el5_3.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:11", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-11.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-11 (gst-plugins-good gst-plugins-base gst-plugins-libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932", "CVE-2009-0586", "CVE-2009-0397", "CVE-2009-0386", "CVE-2009-0387"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064433", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064433", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the\nexecution of arbitrary code.\";\ntag_solution = \"All gst-plugins-good users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-good-0.10.14'\n\nAll gst-plugins-base users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-base-0.10.22'\n\nAll gst-plugins-libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-libpng-0.10.14-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=256096\nhttp://bugs.gentoo.org/show_bug.cgi?id=261594\nhttp://bugs.gentoo.org/show_bug.cgi?id=272972\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-11.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64433\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-0386\", \"CVE-2009-0387\", \"CVE-2009-0397\", \"CVE-2009-0586\", \"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-11 (gst-plugins-good gst-plugins-base gst-plugins-libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/gst-plugins-good\", unaffected: make_list(\"ge 0.10.14\"), vulnerable: make_list(\"lt 0.10.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-libs/gst-plugins-base\", unaffected: make_list(\"ge 0.10.22\"), vulnerable: make_list(\"lt 0.10.22\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-plugins/gst-plugins-libpng\", unaffected: make_list(\"ge 0.10.14-r1\"), vulnerable: make_list(\"lt 0.10.14-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-11.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-11 (gst-plugins-good gst-plugins-base gst-plugins-libpng)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1932", "CVE-2009-0586", "CVE-2009-0397", "CVE-2009-0386", "CVE-2009-0387"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64433", "href": "http://plugins.openvas.org/nasl.php?oid=64433", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in multiple GStreamer plug-ins might allow for the\nexecution of arbitrary code.\";\ntag_solution = \"All gst-plugins-good users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-good-0.10.14'\n\nAll gst-plugins-base users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gst-plugins-base-0.10.22'\n\nAll gst-plugins-libpng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-libpng-0.10.14-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=256096\nhttp://bugs.gentoo.org/show_bug.cgi?id=261594\nhttp://bugs.gentoo.org/show_bug.cgi?id=272972\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-11.\";\n\n \n \n\nif(description)\n{\n script_id(64433);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-0386\", \"CVE-2009-0387\", \"CVE-2009-0397\", \"CVE-2009-0586\", \"CVE-2009-1932\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-11 (gst-plugins-good gst-plugins-base gst-plugins-libpng)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/gst-plugins-good\", unaffected: make_list(\"ge 0.10.14\"), vulnerable: make_list(\"lt 0.10.14\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-libs/gst-plugins-base\", unaffected: make_list(\"ge 0.10.22\"), vulnerable: make_list(\"lt 0.10.22\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-plugins/gst-plugins-libpng\", unaffected: make_list(\"ge 0.10.14-r1\"), vulnerable: make_list(\"lt 0.10.14-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:48", "description": "The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory USN-789-1.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Ubuntu USN-789-1 (gst-plugins-good0.10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1202", "CVE-2009-1932", "CVE-2009-0033", "CVE-2009-2045", "CVE-2009-2046", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-1163", "CVE-2009-1760", "CVE-2009-0688", "CVE-2009-0783", "CVE-2009-1203", "CVE-2009-1201", "CVE-2009-1440"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64318", "href": "http://plugins.openvas.org/nasl.php?oid=64318", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_789_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_789_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-789-1 (gst-plugins-good0.10)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gstreamer0.10-plugins-good 0.10.3-0ubuntu4.2\n\nUbuntu 8.04 LTS:\n gstreamer0.10-plugins-good 0.10.7-3ubuntu0.3\n\nUbuntu 8.10:\n gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.2\n\nUbuntu 9.04:\n gstreamer0.10-plugins-good 0.10.14-1ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-789-1\";\n\ntag_insight = \"Tielei Wang discovered that GStreamer Good Plugins did not correctly handle\nmalformed PNG image files. If a user were tricked into opening a crafted\nPNG image file with a GStreamer application, an attacker could cause a\ndenial of service via application crash, or possibly execute arbitrary code\nwith the privileges of the user invoking the program.\";\ntag_summary = \"The remote host is missing an update to gst-plugins-good0.10\nannounced via advisory USN-789-1.\";\n\n \n\n\nif(description)\n{\n script_id(64318);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-1932\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-1440\", \"CVE-2009-1201\", \"CVE-2009-1202\", \"CVE-2009-1203\", \"CVE-2009-1760\", \"CVE-2009-1163\", \"CVE-2009-2045\", \"CVE-2009-2046\", \"CVE-2009-0688\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu USN-789-1 (gst-plugins-good0.10)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-789-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.3-0ubuntu4.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.3-0ubuntu4.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.3-0ubuntu4.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.3-0ubuntu4.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.7-3ubuntu0.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.7-3ubuntu0.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.7-3ubuntu0.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.7-3ubuntu0.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.10.4-1ubuntu1.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.10.4-1ubuntu1.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.10.4-1ubuntu1.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.10.4-1ubuntu1.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio\", ver:\"0.10.10.4-1ubuntu1.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.14-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-esd\", ver:\"0.10.14-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg\", ver:\"0.10.14-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good\", ver:\"0.10.14-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio\", ver:\"0.10.14-1ubuntu0.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"amule-common\", ver:\"2.2.1-1+lenny2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"amule-utils\", ver:\"2.2.1-1+lenny2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"amule-utils-gui\", ver:\"2.2.1-1+lenny2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"amule-daemon\", ver:\"2.2.1-1+lenny2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"amule\", ver:\"2.2.1-1+lenny2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mahara\", ver:\"1.0.4-4+lenny3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.0.4-4+lenny3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-dev\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-sql\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sasl2-bin\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-gssapi-heimdal\", ver:\"2.1.19.dfsg1-0.1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-doc\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-dbg\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-dev\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-sql\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sasl2-bin\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-gssapi-mit\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-ldap\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-otp\", ver:\"2.1.22.dfsg1-18ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-doc\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-dbg\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-dev\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-sql\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sasl2-bin\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-gssapi-mit\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-ldap\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-otp\", ver:\"2.1.22.dfsg1-21ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-doc\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cyrus-sasl2-dbg\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-2\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-dev\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-sql\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sasl2-bin\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-gssapi-mit\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-ldap\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsasl2-modules-otp\", ver:\"2.1.22.dfsg1-23ubuntu3.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:13", "description": "[0.10.9-1.el5.2]\n- CVE-2009-1932: Integer overflow in PNG decoder. ", "cvss3": {}, "published": "2009-06-25T00:00:00", "type": "oraclelinux", "title": "gstreamer-plugins-good security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1932"], "modified": "2009-06-25T00:00:00", "id": "ELSA-2009-1123", "href": "http://linux.oracle.com/errata/ELSA-2009-1123.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1932"], "description": "Crash on malformed PNG image.", "edition": 1, "modified": "2009-06-06T00:00:00", "published": "2009-06-06T00:00:00", "id": "SECURITYVULNS:VULN:9967", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9967", "title": "GStreamer Good Plug-ins DoS", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1932"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:130\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : gstreamer0.10-plugins-good\r\n Date : June 5, 2009\r\n Affected: 2008.1, 2009.0, 2009.1\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple integer overflows in the &#40;1&#41; user_info_callback,\r\n &#40;2&#41; user_endrow_callback, and &#40;3&#41; gst_pngdec_task functions\r\n &#40;ext/libpng/gstpngdec.c&#41; in GStreamer Good Plug-ins &#40;aka\r\n gst-plugins-good or gstreamer-plugins-good&#41; 0.10.15 allow remote\r\n attackers to cause a denial of service and possibly execute arbitrary\r\n code via a crafted PNG file, which triggers a buffer overflow\r\n &#40;CVE-2009-1932&#41;.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 32b4c3a6282627f92f51a7d2d46ff77e 2008.1/i586/gstreamer0.10-aalib-0.10.7-3.3mdv2008.1.i586.rpm\r\n c795af9934302427b9eff941f8202a21 2008.1/i586/gstreamer0.10-caca-0.10.7-3.3mdv2008.1.i586.rpm\r\n 2f6ee0c43cceb1b6a45c397230b2007d 2008.1/i586/gstreamer0.10-dv-0.10.7-3.3mdv2008.1.i586.rpm\r\n 66e9ffff70400e28a06b9acad18e9460 2008.1/i586/gstreamer0.10-esound-0.10.7-3.3mdv2008.1.i586.rpm\r\n 7f519c98463940c13d950f2c19bc91b3 2008.1/i586/gstreamer0.10-flac-0.10.7-3.3mdv2008.1.i586.rpm\r\n 88d2eec0febfa0fe536d43fcc0f06281 \r\n2008.1/i586/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.i586.rpm\r\n e642a9932760431f65d6e2ec91aebe2f 2008.1/i586/gstreamer0.10-raw1394-0.10.7-3.3mdv2008.1.i586.rpm\r\n 16d3b8e3d5f5e79dbf975b7755d481d6 2008.1/i586/gstreamer0.10-speex-0.10.7-3.3mdv2008.1.i586.rpm\r\n a35c2dacfc21179a7ce1ad2ddbde58b5 \r\n2008.1/i586/gstreamer0.10-wavpack-0.10.7-3.3mdv2008.1.i586.rpm \r\n 7f89efbf201445b95c6d1f8e48cdbcf5 \r\n2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 47251e20c751b5cac7c878577fd32cbb \r\n2008.1/x86_64/gstreamer0.10-aalib-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n 41ad7308ecfdd545d1eeb625f9be26f0 \r\n2008.1/x86_64/gstreamer0.10-caca-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n c38747918e25383cf266575007b70bbc 2008.1/x86_64/gstreamer0.10-dv-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n 3b43f5f0c6d7472bdd2d3a230ec4a5aa \r\n2008.1/x86_64/gstreamer0.10-esound-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n e5eb3c018bfaf8db6f98787f919e7213 \r\n2008.1/x86_64/gstreamer0.10-flac-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n faf028bd1201249fef3b051451ee0a67 \r\n2008.1/x86_64/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n 21dadd252d853fba7fc0c711c8afd00f \r\n2008.1/x86_64/gstreamer0.10-raw1394-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n 874657a9c5ae3d65a010c887462cf832 \r\n2008.1/x86_64/gstreamer0.10-speex-0.10.7-3.3mdv2008.1.x86_64.rpm\r\n decd0fa087bdec088152dd61974d71b1 \r\n2008.1/x86_64/gstreamer0.10-wavpack-0.10.7-3.3mdv2008.1.x86_64.rpm \r\n 7f89efbf201445b95c6d1f8e48cdbcf5 \r\n2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n de338a01c224c0b9231d8f0e3434d653 2009.0/i586/gstreamer0.10-aalib-0.10.10-2.2mdv2009.0.i586.rpm\r\n a96a976b99688e00563e2e239f061576 2009.0/i586/gstreamer0.10-caca-0.10.10-2.2mdv2009.0.i586.rpm\r\n 3864fd359d74953b036a1bdf2a442bbe 2009.0/i586/gstreamer0.10-dv-0.10.10-2.2mdv2009.0.i586.rpm\r\n 9bc82a78ece0447e05a6538cc307b3cc 2009.0/i586/gstreamer0.10-esound-0.10.10-2.2mdv2009.0.i586.rpm\r\n 40de2ef276852777418f79f97de4015d 2009.0/i586/gstreamer0.10-flac-0.10.10-2.2mdv2009.0.i586.rpm\r\n e1e9be54e2de0341f427542370453873 \r\n2009.0/i586/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.i586.rpm\r\n 5e81527fee1fbe434934160101bad731 2009.0/i586/gstreamer0.10-pulse-0.10.10-2.2mdv2009.0.i586.rpm\r\n 4bb8e5964cdf388f30125e1799c041d9 \r\n2009.0/i586/gstreamer0.10-raw1394-0.10.10-2.2mdv2009.0.i586.rpm\r\n 5e8ecd8f2cd60980a9d1777af765ccb2 2009.0/i586/gstreamer0.10-soup-0.10.10-2.2mdv2009.0.i586.rpm\r\n 92926886890bb3c129d1358699369e07 2009.0/i586/gstreamer0.10-speex-0.10.10-2.2mdv2009.0.i586.rpm\r\n e0af5cebef95297da35dbe644d5bd07e \r\n2009.0/i586/gstreamer0.10-wavpack-0.10.10-2.2mdv2009.0.i586.rpm \r\n b52464a5db2a376c7ffe9b4ae0d73cba \r\n2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n b5caab29e29b756fefbb4c74e383ec00 \r\n2009.0/x86_64/gstreamer0.10-aalib-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n e1ee1041b7ac2c2a10b5f3fb25b1cdd3 \r\n2009.0/x86_64/gstreamer0.10-caca-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n aa5a02a2a2b1a83738360fe55df21df4 2009.0/x86_64/gstreamer0.10-dv-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n dead047079a5b1a9052dfbe61b6fe5a9 \r\n2009.0/x86_64/gstreamer0.10-esound-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 1675f35f059b1c99228ae1aa125cfaac \r\n2009.0/x86_64/gstreamer0.10-flac-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 4584962d9870e9813b128ada5469defc \r\n2009.0/x86_64/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n bf54135323d93696ee68154df93ebbde \r\n2009.0/x86_64/gstreamer0.10-pulse-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 231e93b49075748873a361e38848f43c \r\n2009.0/x86_64/gstreamer0.10-raw1394-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 4a8863274976927a121bee25dd421523 \r\n2009.0/x86_64/gstreamer0.10-soup-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 35030eeae145d26f41d0efa2c46efcff \r\n2009.0/x86_64/gstreamer0.10-speex-0.10.10-2.2mdv2009.0.x86_64.rpm\r\n 11ecdd00ae934f05702c771946611333 \r\n2009.0/x86_64/gstreamer0.10-wavpack-0.10.10-2.2mdv2009.0.x86_64.rpm \r\n b52464a5db2a376c7ffe9b4ae0d73cba \r\n2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 576d67df2c10fd5ce98fafbcccf5d31f 2009.1/i586/gstreamer0.10-aalib-0.10.14-1.1mdv2009.1.i586.rpm\r\n c1df9fa818ac12667db9bfd51a8801df 2009.1/i586/gstreamer0.10-caca-0.10.14-1.1mdv2009.1.i586.rpm\r\n 1b2cbe0c1bd991db15f8a4ff30720430 2009.1/i586/gstreamer0.10-dv-0.10.14-1.1mdv2009.1.i586.rpm\r\n ae7c7483df3feb7ea984e32241bdba1f 2009.1/i586/gstreamer0.10-esound-0.10.14-1.1mdv2009.1.i586.rpm\r\n d881a0c3b7943dcde1e1ce2b12f55980 2009.1/i586/gstreamer0.10-flac-0.10.14-1.1mdv2009.1.i586.rpm\r\n 48b03dd5ff1f72383af81056a157d4d4 \r\n2009.1/i586/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.i586.rpm\r\n c72a5910e0c83f2e5b29db46f1a070d5 2009.1/i586/gstreamer0.10-pulse-0.10.14-1.1mdv2009.1.i586.rpm\r\n 2ec1d77cbee188562138681c274497d1 \r\n2009.1/i586/gstreamer0.10-raw1394-0.10.14-1.1mdv2009.1.i586.rpm\r\n d167d2ce3cabc24af442ad53736a4ae4 2009.1/i586/gstreamer0.10-soup-0.10.14-1.1mdv2009.1.i586.rpm\r\n 7e533c55706311d1abb8c1cf81febad7 2009.1/i586/gstreamer0.10-speex-0.10.14-1.1mdv2009.1.i586.rpm\r\n 442b714ff0d64c572c3f63a2b71cf39d \r\n2009.1/i586/gstreamer0.10-wavpack-0.10.14-1.1mdv2009.1.i586.rpm \r\n 0e0ec096f0960620be981e5d7b4bc216 \r\n2009.1/SRPMS/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 252223161131b2287b9e7432b5152c08 \r\n2009.1/x86_64/gstreamer0.10-aalib-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n a9fc8b915bf67dfc270c8ac403269a89 \r\n2009.1/x86_64/gstreamer0.10-caca-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 162a54cf36ce97f95aa06b36d3ea40df 2009.1/x86_64/gstreamer0.10-dv-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 88e60113882df2d775d458f88f035243 \r\n2009.1/x86_64/gstreamer0.10-esound-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 23263adc4119918c8e130866a02243fa \r\n2009.1/x86_64/gstreamer0.10-flac-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 63a6e950690392c3d8a7da89eeb23b1c \r\n2009.1/x86_64/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n d900bf012fbac7b6ed4cd019b1dc41b3 \r\n2009.1/x86_64/gstreamer0.10-pulse-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n c9610f9bdab919fd6989bb00278fd83d \r\n2009.1/x86_64/gstreamer0.10-raw1394-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n f8764ecd3d4ddb75ac4fb0fa6dae0ab9 \r\n2009.1/x86_64/gstreamer0.10-soup-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 9dd619ff1da567ebc0cddd82b085bd87 \r\n2009.1/x86_64/gstreamer0.10-speex-0.10.14-1.1mdv2009.1.x86_64.rpm\r\n 070d6303a673cb624866ab61f4dff728 \r\n2009.1/x86_64/gstreamer0.10-wavpack-0.10.14-1.1mdv2009.1.x86_64.rpm \r\n 0e0ec096f0960620be981e5d7b4bc216 \r\n2009.1/SRPMS/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFKKVdrmqjQ0CJFipgRAvTdAJ9M4Mgl3lDDDlnwUwb5kR7dpOhp/QCgqQGH\r\nIiI+kqUb/EO99yc0N9eKqwM=\r\n=YXTZ\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-06-06T00:00:00", "published": "2009-06-06T00:00:00", "id": "SECURITYVULNS:DOC:21959", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21959", "title": "[ MDVSA-2009:130 ] gstreamer0.10-plugins-good", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T21:28:11", "description": "Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow.", "cvss3": {}, "published": "2009-06-04T20:30:00", "type": "cve", "title": "CVE-2009-1932", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1932"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:gstreamer:good_plug-ins:0.10.15"], "id": "CVE-2009-1932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1932", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gstreamer:good_plug-ins:0.10.15:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2022-01-04T13:27:13", "description": "Tielei Wang discovered that GStreamer Good Plugins did not correctly handle \nmalformed PNG image files. If a user were tricked into opening a crafted \nPNG image file with a GStreamer application, an attacker could cause a \ndenial of service via application crash, or possibly execute arbitrary code \nwith the privileges of the user invoking the program.\n", "cvss3": {}, "published": "2009-06-22T00:00:00", "type": "ubuntu", "title": "GStreamer Good Plugins vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1932"], "modified": "2009-06-22T00:00:00", "id": "USN-789-1", "href": "https://ubuntu.com/security/notices/USN-789-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:43", "description": "Multiple integer overflows in the (1) user_info_callback, (2)\nuser_endrow_callback, and (3) gst_pngdec_task functions\n(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good\nor gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial\nof service and possibly execute arbitrary code via a crafted PNG file,\nwhich triggers a buffer overflow.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532352>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=504199>\n", "cvss3": {}, "published": "2009-06-04T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1932", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1932"], "modified": "2009-06-04T00:00:00", "id": "UB:CVE-2009-1932", "href": "https://ubuntu.com/security/CVE-2009-1932", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T01:07:28", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1839-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJuly 19, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : gst-plugins-good0.10\nVulnerability : integer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-1932\nDebian Bugs : 531631 532352\n\n\nIt has been discovered that gst-plugins-good0.10, the GStreamer plugins\nfrom the &quot;good&quot; set, are prone to an integer overflow, when processing\na large PNG file. This could lead to the execution of arbitrary code.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.10.8-4.1~lenny2.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.4-4+etch1.\n\nPackages for the s390 and hppa architectures will be released once they\nare available.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.10.15-2.\n\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4.orig.tar.gz\n Size/MD5 checksum: 1894794 88aa3c31909ed467605ed04434474c4d\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.dsc\n Size/MD5 checksum: 1576 4369a23f0e8576377918d7d07d6328dd\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.diff.gz\n Size/MD5 checksum: 24338 e5b085ae2275c9da0af25175f65c7baf\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.4-4+etch1_all.deb\n Size/MD5 checksum: 95182 11e977d541258f5bb44fcfa9725544be\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_alpha.deb\n Size/MD5 checksum: 36152 824c86b12c45a27350e4aa619e032152\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_alpha.deb\n Size/MD5 checksum: 701616 03d794c04e432e88e63d46fae06280a1\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_alpha.deb\n Size/MD5 checksum: 1724576 290c5da8efa9ca0fb8d891e972dd0d3a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_amd64.deb\n Size/MD5 checksum: 1732384 18059f6e0ad6e22d30cd37f67e805242\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_amd64.deb\n Size/MD5 checksum: 657520 38e793fe7760a4c0ff377c2334312672\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_amd64.deb\n Size/MD5 checksum: 35932 07678ef5b78b7d92e558432780249b53\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_arm.deb\n Size/MD5 checksum: 1682156 eae4e709d2092212c332a38584a0b02b\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_arm.deb\n Size/MD5 checksum: 36330 c66b476327a3a8af4ff2007df3195ad9\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_arm.deb\n Size/MD5 checksum: 648606 7eaca1b32d4f041fd8a470b4d2cde52d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_i386.deb\n Size/MD5 checksum: 1663280 57029198e3d83aa970ab33d6ca350b39\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_i386.deb\n Size/MD5 checksum: 35760 5edf5708f77639289fe677ed7ca2e420\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_i386.deb\n Size/MD5 checksum: 627152 617ca7ae96554e009c38c2a5034f1990\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_ia64.deb\n Size/MD5 checksum: 38402 aad2afd4ffa648f3dfc1f7ae906dae7a\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_ia64.deb\n Size/MD5 checksum: 921426 8ca6d1599475312129e5d53d2a76bbb7\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_ia64.deb\n Size/MD5 checksum: 1699382 f4f07a7d7d090ba029b39f5593bd1506\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mips.deb\n Size/MD5 checksum: 651366 81bc05502bf076091433986eedcddac3\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mips.deb\n Size/MD5 checksum: 36372 6a948078c72d522d6bbea18c8d6c8605\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mips.deb\n Size/MD5 checksum: 1757020 019dd9d275ac509ef12fec25e1b1927a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mipsel.deb\n Size/MD5 checksum: 1736574 5fb491e85fdc9e30ec00a1785bf592ab\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mipsel.deb\n Size/MD5 checksum: 36388 a938fc1e339b3ab8df7261e75a9711cb\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mipsel.deb\n Size/MD5 checksum: 647074 5c63e0acec9f0acb2bfa8dfd4ba9ba0c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_powerpc.deb\n Size/MD5 checksum: 718846 23a52f9af7082a81c8ab0f34b253feef\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_powerpc.deb\n Size/MD5 checksum: 37784 ce7cefbf74bbf303313ada78c81229fb\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_powerpc.deb\n Size/MD5 checksum: 1782098 969ed616b5ab16ae09166b0e7370f67e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_sparc.deb\n Size/MD5 checksum: 1645906 2c53a10e752461a3580a56319f2a0f0c\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_sparc.deb\n Size/MD5 checksum: 636014 52bb79329a93ba8e4ab1690c69845882\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_sparc.deb\n Size/MD5 checksum: 35678 d9c01bd16c1ce54000b16d8385e4ef98\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz\n Size/MD5 checksum: 30321 2f1494f7a2f648f84dd853f95fbc036b\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc\n Size/MD5 checksum: 2568 bb8e690805dfc8d9eb8595cf9f8738cb\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8.orig.tar.gz\n Size/MD5 checksum: 2923109 467295921ca225aaa05afe9381f4b424\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb\n Size/MD5 checksum: 172232 cc5f1d3077e8ab179a99e7b00952e4e3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_alpha.deb\n Size/MD5 checksum: 1085902 ec69ccbbd739370cd5cdd87097845608\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_alpha.deb\n Size/MD5 checksum: 2559520 ef84a92578c2a8883cb1f08850bd2503\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_alpha.deb\n Size/MD5 checksum: 46504 d20ddb4964025adddb9c8a4c8134194f\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_amd64.deb\n Size/MD5 checksum: 2602660 ed45c89a649bb02e74fd313c1c6ea571\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_amd64.deb\n Size/MD5 checksum: 1024404 e2e2767732a649c650db109e1b654cbc\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_amd64.deb\n Size/MD5 checksum: 46620 fb72b9020cfa305b9eac7d9dfb2611c1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_arm.deb\n Size/MD5 checksum: 1032978 041875758c9abfc88ccd1a4584603986\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_arm.deb\n Size/MD5 checksum: 47358 d9ff739a754c29d75bb2ad089c1eeb18\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_arm.deb\n Size/MD5 checksum: 2552334 c3c6d7c30c97565b0279b439c6d15024\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_armel.deb\n Size/MD5 checksum: 2575848 48e7c802f6dd71b410b75878731743c3\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_armel.deb\n Size/MD5 checksum: 47988 339dbfe5fed9a1b0bb4613592cbfa4c8\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_armel.deb\n Size/MD5 checksum: 1090394 ce9ac0488902b58a8e44a96ff6aeb5c5\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_hppa.deb\n Size/MD5 checksum: 1246866 176058c93063fd428d5eba0e53f4f316\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_hppa.deb\n Size/MD5 checksum: 2583248 20e5ed5572de7ea2b9fc6eb6da245de3\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_hppa.deb\n Size/MD5 checksum: 48926 265697d276c0090ab97870e83393372e\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb\n Size/MD5 checksum: 46554 6ded8d4176f2d53019907d70813c4b3a\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb\n Size/MD5 checksum: 960766 6d091000a4edb70d2c979cfd56529357\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb\n Size/MD5 checksum: 2503536 7a8c1fad3d157cb33e5119afd6a052cc\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_ia64.deb\n Size/MD5 checksum: 1409690 a0ed8bc63531bfbecd97503c68e28f60\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_ia64.deb\n Size/MD5 checksum: 48676 a126fb2251d1e18da80aecb8d7325727\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_ia64.deb\n Size/MD5 checksum: 2549976 9ed6df4d0afd911cf916b4a1afa32b59\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mips.deb\n Size/MD5 checksum: 2618126 83f8267b980702b558d177f0d3f88f5d\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mips.deb\n Size/MD5 checksum: 1010320 bfa7c41cbba3541c9c0986539f8e0e45\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mips.deb\n Size/MD5 checksum: 46880 5dc0f286c77dad40ffc892e2d6decc35\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mipsel.deb\n Size/MD5 checksum: 46914 91c4cb67af4427246fbb3e808bf6a699\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mipsel.deb\n Size/MD5 checksum: 1002768 4d018f16fdcb9c6a6e38fff976d0943d\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mipsel.deb\n Size/MD5 checksum: 2594052 f372eb96a51cf574f73931de4b5dfa51\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_powerpc.deb\n Size/MD5 checksum: 2643186 73d5591a8aed7d66c726d7b63e53a302\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_powerpc.deb\n Size/MD5 checksum: 1084064 f00985c15b1f4164072af96b2cf69af9\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_powerpc.deb\n Size/MD5 checksum: 47370 9139ab03055a0cc0c58b99b6b2936c6c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_sparc.deb\n Size/MD5 checksum: 2448238 d9664009d14d10e9e295d66a17a84378\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_sparc.deb\n Size/MD5 checksum: 994402 fc847a1d0cb1721b8c0348a88a272b15\n http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_sparc.deb\n Size/MD5 checksum: 45996 ccfb6b7d76be3274405f20775c2d7c9f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2009-07-19T07:06:36", "type": "debian", "title": "[SECURITY] [DSA 1839-1] New gst-plugins-good0.10 packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1932"], "modified": "2009-07-19T07:06:36", "id": "DEBIAN:DSA-1839-1:E5280", "href": "https://lists.debian.org/debian-security-announce/2009/msg00153.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T12:01:07", "description": "**CentOS Errata and Security Advisory** CESA-2009:1123\n\n\nGStreamer is a streaming media framework, based on graphs of filters which\noperate on media data. GStreamer Good Plug-ins is a collection of\nwell-supported, good quality GStreamer plug-ins.\n\nMultiple integer overflow flaws, that could lead to a buffer overflow, were\nfound in the GStreamer Good Plug-ins PNG decoding handler. An attacker\ncould create a specially-crafted PNG file that would cause an application\nusing the GStreamer Good Plug-ins library to crash or, potentially, execute\narbitrary code as the user running the application when parsed.\n(CVE-2009-1932)\n\nAll users of gstreamer-plugins-good are advised to upgrade to these updated\npackages, which contain a backported patch to correct these issues. After\ninstalling the update, all applications using GStreamer Good Plug-ins (such\nas some media playing applications) must be restarted for the changes to\ntake effect.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-June/052924.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-June/052925.html\n\n**Affected packages:**\ngstreamer-plugins-good\ngstreamer-plugins-good-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:1123", "cvss3": {}, "published": "2009-06-26T14:01:18", "type": "centos", "title": "gstreamer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1932"], "modified": "2009-06-26T14:01:18", "id": "CESA-2009:1123", "href": "https://lists.centos.org/pipermail/centos-announce/2009-June/052924.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:14:10", "description": "### Background\n\nThe GStreamer plug-ins provide decoders to the GStreamer open source media framework. \n\n### Description\n\nMultiple vulnerabilities have been reported in several GStreamer plug-ins: \n\n * Tobias Klein reported two heap-based buffer overflows and an array index error in the qtdemux_parse_samples() function in gst-plugins-good when processing a QuickTime media .mov file (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397). \n * Thomas Hoger of the Red Hat Security Response Team reported an integer overflow that can lead to a heap-based buffer overflow in the gst_vorbis_tag_add_coverart() function in gst-plugins-base when processing COVERART tags (CVE-2009-0586). \n * Tielei Wang of ICST-ERCIS, Peking University reported multiple integer overflows leading to buffer overflows in gst-plugins-libpng when processing a PNG file (CVE-2009-1932). \n\n### Impact\n\nA remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll gst-plugins-good users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/gst-plugins-good-0.10.14\"\n\nAll gst-plugins-base users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/gst-plugins-base-0.10.22\"\n\nAll gst-plugins-libpng users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-plugins/gst-plugins-libpng-0.10.14-r1\"", "cvss3": {}, "published": "2009-07-12T00:00:00", "type": "gentoo", "title": "GStreamer plug-ins: User-assisted execution of arbitrary code", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0386", "CVE-2009-0387", "CVE-2009-0397", "CVE-2009-0586", "CVE-2009-1932"], "modified": "2009-07-12T00:00:00", "id": "GLSA-200907-11", "href": "https://security.gentoo.org/glsa/200907-11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}