{"id": "RHSA-2010:0622", "hash": "4c697d8db37adb78fba5a216feb09c91", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "published": "2010-08-19T04:00:00", "modified": "2019-03-22T23:44:57", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2010:0622", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "lastseen": "2019-05-29T14:34:42", "history": [{"bulletin": {"id": "RHSA-2010:0622", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "published": "2010-08-19T04:00:00", "modified": "2018-05-03T23:42:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0622", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "lastseen": "2018-05-06T19:00:55", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}]}, "lastseen": "2018-05-06T19:00:55", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2010:0622", "hash": "cc853267c439f6ac8d9501ba9900376b", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "published": "2010-08-19T04:00:00", "modified": "2018-05-25T06:35:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0622", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "lastseen": "2018-05-25T03:56:50", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-05-25T03:56:50"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}]}, "lastseen": "2018-05-25T03:56:50", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2010:0622", "hash": "3b0e7ef487bf1af8cdd3f1caace2cb38", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "published": "2010-08-19T04:00:00", "modified": "2018-05-25T06:35:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0622", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "lastseen": "2018-12-11T17:43:24", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-12-11T17:43:24"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:870300", "OPENVAS:1361412562310870300", "OPENVAS:1361412562310122337", "OPENVAS:1361412562310880576", "OPENVAS:880576", "OPENVAS:870308", "OPENVAS:1361412562310122332", "OPENVAS:880569", "OPENVAS:1361412562310870308", "OPENVAS:1361412562310880569"]}, {"type": "redhat", "idList": ["RHSA-2010:0578", "RHSA-2010:0610", "RHSA-2010:0577", "RHSA-2010:0627"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2010-0578.NASL", "CENTOS_RHSA-2010-0578.NASL", "SL_20100730_FREETYPE_FOR_SL4.NASL", "ORACLELINUX_ELSA-2010-0578.NASL", "REDHAT-RHSA-2010-0622.NASL", "CENTOS_RHSA-2010-0610.NASL", "REDHAT-RHSA-2010-0610.NASL", "SL_20100810_KERNEL_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2010-0610.NASL", "UBUNTU_USN-963-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0578", "ELSA-2010-0610", "ELSA-2010-0627", "ELSA-2010-0606"]}, {"type": "centos", "idList": ["CESA-2010:0578", "CESA-2010:0610", "CESA-2010:0577", "CESA-2010:0627"]}, {"type": "cve", "idList": ["CVE-2010-2226", "CVE-2010-2499", "CVE-2010-2066", "CVE-2010-2248", "CVE-2010-2244", "CVE-2010-2070", "CVE-2010-2521", "CVE-2010-2541", "CVE-2010-2784", "CVE-2009-0758"]}, {"type": "ubuntu", "idList": ["USN-963-1"]}, {"type": "f5", "idList": ["SOL16477"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24241"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2070-1:50712"]}, {"type": "n0where", "idList": ["N0WHERE:31614"]}], "modified": "2018-12-11T17:43:24"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:43:24", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2010:0622", "hash": "8352e8fa2e960a7c25025404afa84de2", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2010:0622) Important: rhev-hypervisor security and bug fix update", "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not\nvalidate all pointers provided from a guest system's QXL graphics card\ndriver. A privileged guest user could use this flaw to cause the host to\ndereference an invalid pointer, causing the guest to crash (denial of\nservice) or, possibly, resulting in the privileged guest user escalating\ntheir privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be\nforced to perform certain memory management operations on memory addresses\ncontrolled by a guest. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges on\nthe host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor with the\nIntel VT-x extension enabled. A privileged guest user could use this flaw\nto trick the host into emulating a certain instruction, which could crash\nthe host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for avahi issues\nCVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797,\nCVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527,\nand CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066,\nCVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and\nCVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs. Documentation for\nthese bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes from the KVM update RHSA-2010:0627 have been included in this update.\nAlso included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\n", "published": "2010-08-19T04:00:00", "modified": "2019-03-22T23:44:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0622", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-0758", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0428", "CVE-2010-0429", "CVE-2010-0431", "CVE-2010-0435", "CVE-2010-1084", "CVE-2010-1797", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2244", "CVE-2010-2248", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2784", "CVE-2010-2811"], "lastseen": "2019-03-22T21:12:38", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2019-03-22T21:12:38"}, "dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2010-0578", "ELSA-2010-0610", "ELSA-2010-0627"]}, {"type": "openvas", "idList": ["OPENVAS:880576", "OPENVAS:1361412562310880576", "OPENVAS:870300", "OPENVAS:1361412562310122337", "OPENVAS:1361412562310880569", "OPENVAS:880569", "OPENVAS:870308", "OPENVAS:1361412562310870300", "OPENVAS:1361412562310840461", "OPENVAS:1361412562310870308"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0610.NASL", "ORACLELINUX_ELSA-2010-0610.NASL", "REDHAT-RHSA-2010-0578.NASL", "ORACLELINUX_ELSA-2010-0578.NASL", "SL_20100730_FREETYPE_FOR_SL4.NASL", "SL_20100810_KERNEL_ON_SL5_X.NASL", "CENTOS_RHSA-2010-0578.NASL", "UBUNTU_USN-963-1.NASL", "REDHAT-RHSA-2010-0622.NASL", "REDHAT-RHSA-2010-0610.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0578", "RHSA-2010:0610", "RHSA-2010:0577", "RHSA-2010:0627"]}, {"type": "centos", "idList": ["CESA-2010:0610", "CESA-2010:0578", "CESA-2010:0577", "CESA-2010:0627"]}, {"type": "ubuntu", "idList": ["USN-963-1"]}, {"type": "cve", "idList": ["CVE-2010-2244", "CVE-2010-2070", "CVE-2010-2499", "CVE-2010-2784", "CVE-2010-2541", "CVE-2010-2226", "CVE-2010-2248", "CVE-2010-2811", "CVE-2010-2498", "CVE-2010-0435"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24241"]}, {"type": "f5", "idList": ["SOL16477"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2070-1:50712"]}, {"type": "n0where", "idList": ["N0WHERE:31614"]}], "modified": "2019-03-22T21:12:38"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}]}, "lastseen": "2019-03-22T21:12:38", "differentElements": ["cvss"], "edition": 4}], "viewCount": 4, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T14:34:42"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2010:0578", "CESA-2010:0610", "CESA-2010:0577", "CESA-2010:0627"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2010-0578.NASL", "SL_20100730_FREETYPE_FOR_SL4.NASL", "ORACLELINUX_ELSA-2010-0578.NASL", "REDHAT-RHSA-2010-0578.NASL", "REDHAT-RHSA-2010-0610.NASL", "ORACLELINUX_ELSA-2010-0610.NASL", "CENTOS_RHSA-2010-0610.NASL", "REDHAT-RHSA-2010-0622.NASL", "SL_20100810_KERNEL_ON_SL5_X.NASL", "UBUNTU_USN-963-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870300", "OPENVAS:880576", "OPENVAS:870300", "OPENVAS:1361412562310122337", "OPENVAS:1361412562310880576", "OPENVAS:1361412562310122332", "OPENVAS:1361412562310870308", "OPENVAS:880569", "OPENVAS:1361412562310880569", "OPENVAS:870308"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0578", "ELSA-2010-0610", "ELSA-2010-0627"]}, {"type": "redhat", "idList": ["RHSA-2010:0578", "RHSA-2010:0610", "RHSA-2010:0577", "RHSA-2010:0627"]}, {"type": "ubuntu", "idList": ["USN-963-1"]}, {"type": "cve", "idList": ["CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2244", "CVE-2010-2226", "CVE-2010-1084", "CVE-2010-0435", "CVE-2010-2070", "CVE-2010-2066", "CVE-2010-2541", "CVE-2010-2498"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2070-1:50712"]}, {"type": "n0where", "idList": ["N0WHERE:31614"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24241"]}, {"type": "f5", "idList": ["SOL16477"]}], "modified": "2019-05-29T14:34:42"}, "vulnersScore": 6.5}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "noarch", "packageName": "rhev-hypervisor-pxe", "packageVersion": "5.5-2.2.6.1.el5_5rhev2_2", "packageFilename": "rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2.noarch.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"redhat": [{"lastseen": "2019-05-29T14:34:11", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T11:50:38", "published": "2010-07-30T04:00:00", "id": "RHSA-2010:0578", "href": "https://access.redhat.com/errata/RHSA-2010:0578", "type": "redhat", "title": "(RHSA-2010:0578) Important: freetype security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:58", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\nor RFCOMM sockets could result in arbitrary memory pages being overwritten.\nA local, unprivileged user could use this flaw to cause a kernel panic\n(denial of service) or escalate their privileges. (CVE-2010-1084,\nImportant)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported state.\nAn unprivileged guest user could trigger this flaw by setting the BE (Big\nEndian) bit of the Processor Status Register (PSR), leading to the guest\ncrashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker could\nsend a specially-crafted SMB response packet to a target CIFS client,\nresulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of\nthe server-side External Data Representation (XDR) for the Network File\nSystem (NFS) version 4. An attacker on the local network could send a\nspecially-crafted large compound request to the NFSv4 server, which could\npossibly result in a kernel panic (denial of service) or, potentially, code\nexecution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\nXFS file system implementation. A local user could use this flaw to read\nwrite-only files, that they do not own, on an XFS file system. This could\nlead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System link\nto another IP address, tricking the client into mounting the share from a\nserver of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the\next4 file system code. A local user could use this flaw to cause the\nMOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\nfile system, if they have write permissions for that file. (CVE-2010-2066,\nLow)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\nRosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T11:53:32", "published": "2010-08-10T04:00:00", "id": "RHSA-2010:0610", "href": "https://access.redhat.com/errata/RHSA-2010:0610", "type": "redhat", "title": "(RHSA-2010:0610) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:08", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-05-26T04:26:18", "published": "2010-07-30T04:00:00", "id": "RHSA-2010:0577", "href": "https://access.redhat.com/errata/RHSA-2010:0577", "type": "redhat", "title": "(RHSA-2010:0577) Important: freetype security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:52", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. A privileged guest user\ncould use this flaw to trick the host into emulating a certain instruction,\nwhich could crash the host (denial of service). (CVE-2010-0435)\n\nThis update also fixes the following bugs:\n\n* running a \"qemu-img\" check on a faulty virtual machine image ended with a\nsegmentation fault. With this update, the segmentation fault no longer\noccurs when running the \"qemu-img\" check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were joined in\nthe same virtual LAN (VLAN), the receiving guest unexpectedly quit. With\nthis update, the transfer completes successfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was caused\nby KVM using wrong permissions for large guest pages. With this update, the\ninstallation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine\nbecause the virtual machine could not map all the memory. This was caused\nby a conflict that was initiated when a virtual machine was initially run\nand then migrated right away. With this update, the conflict no longer\noccurs and the migration process no longer fails. (BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and performing a\n\"qemu-img\" check during an \"e_no_space\" event returned cluster errors. With\nthis update, the errors no longer appear. (BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Note: The procedure in the\nSolution section must be performed before this update will take effect.\n", "modified": "2017-09-08T12:20:05", "published": "2010-08-19T04:00:00", "id": "RHSA-2010:0627", "href": "https://access.redhat.com/errata/RHSA-2010:0627", "type": "redhat", "title": "(RHSA-2010:0627) Important: kvm security and bug fix update", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:39", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker could\nsend a specially-crafted SMB response packet to a target CIFS client,\nresulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of\nthe server-side External Data Representation (XDR) for the Network File\nSystem (NFS) version 4. An attacker on the local network could send a\nspecially-crafted large compound request to the NFSv4 server, which could\npossibly result in a kernel panic (denial of service) or, potentially, code\nexecution. (CVE-2010-2521, Important)\n\nThis update also fixes the following bug:\n\n* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)\nsubsystem in the Linux kernel had a reference counting bug. In certain\nsituations, some Network Lock Manager (NLM) messages may have triggered\nthis bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with\n\"kernel BUG at fs/lockd/host.c:[xxx]!\" logged to \"/var/log/messages\").\n(BZ#612962)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T12:20:13", "published": "2010-08-05T04:00:00", "id": "RHSA-2010:0606", "href": "https://access.redhat.com/errata/RHSA-2010:0606", "type": "redhat", "title": "(RHSA-2010:0606) Important: kernel security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0578", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122337", "title": "Oracle Linux Local Check: ELSA-2010-0578", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0578.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122337\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:02 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0578\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0578\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0578.html\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:54:32", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-12-22T00:00:00", "published": "2010-08-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870300", "id": "OPENVAS:870300", "title": "RedHat Update for freetype RHSA-2010:0578-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_id(870300);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880576", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880576\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 5\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n\n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n\n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n\n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n\n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:53", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880576", "id": "OPENVAS:880576", "title": "CentOS Update for freetype CESA-2010:0578 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2010:0578 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\");\n script_id(880576);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0578\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"CentOS Update for freetype CESA-2010:0578 centos5 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:55", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2018-01-22T00:00:00", "published": "2010-08-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870300", "id": "OPENVAS:1361412562310870300", "title": "RedHat Update for freetype RHSA-2010:0578-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2010:0578-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\n both the FreeType 1 and FreeType 2 font engines. The freetype packages for\n Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\n An invalid memory management flaw was found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2498)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed font files. If a user loaded a carefully-crafted font file with\n an application linked against FreeType, it could cause the application to\n crash or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2010-2500)\n \n Several buffer overflow flaws were found in the way the FreeType font\n engine processed font files. If a user loaded a carefully-crafted font file\n with an application linked against FreeType, it could cause the application\n to crash or, possibly, execute arbitrary code with the privileges of the\n user running the application. (CVE-2010-2499, CVE-2010-2519)\n \n Several buffer overflow flaws were found in the FreeType demo applications.\n If a user loaded a carefully-crafted font file with a demo application, it\n could cause the application to crash or, possibly, execute arbitrary code\n with the privileges of the user running the application. (CVE-2010-2527,\n CVE-2010-2541)\n \n Red Hat would like to thank Robert Swiecki of the Google Security Team for\n the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\n CVE-2010-2519, and CVE-2010-2527 issues.\n \n Note: All of the issues in this erratum only affect the FreeType 2 font\n engine.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-July/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870300\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0578-01\");\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_name(\"RedHat Update for freetype RHSA-2010:0578-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~25.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~14.el4.8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880569", "title": "CentOS Update for kernel CESA-2010:0610 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0610 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880569\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0610\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\",\n \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"CentOS Update for kernel CESA-2010:0610 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n\n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n\n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n\n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n\n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n\n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n\n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reporting CVE-2010-2226 and CVE-2010-2 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:22", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880569", "id": "OPENVAS:880569", "title": "CentOS Update for kernel CESA-2010:0610 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2010:0610 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reporting CVE-2010-2226 and CVE-2010-2 ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\");\n script_id(880569);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0610\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\",\n \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"CentOS Update for kernel CESA-2010:0610 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:07", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2017-12-15T00:00:00", "published": "2010-08-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870308", "id": "OPENVAS:870308", "title": "RedHat Update for kernel RHSA-2010:0610-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0610-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reportin ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00012.html\");\n script_id(870308);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0610-01\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"RedHat Update for kernel RHSA-2010:0610-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0610", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122332", "title": "Oracle Linux Local Check: ELSA-2010-0610", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0610.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122332\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0610\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0610 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0610\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0610.html\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5PAE~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5debug~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~194.11.1.0.1.el5xen~1.4.7~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~194.11.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:05:08", "bulletinFamily": "scanner", "description": "Check for the Version of kernel", "modified": "2018-01-04T00:00:00", "published": "2010-08-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870308", "id": "OPENVAS:1361412562310870308", "type": "openvas", "title": "RedHat Update for kernel RHSA-2010:0610-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2010:0610-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n \n * instances of unsafe sprintf() use were found in the Linux kernel\n Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\n or RFCOMM sockets could result in arbitrary memory pages being overwritten.\n A local, unprivileged user could use this flaw to cause a kernel panic\n (denial of service) or escalate their privileges. (CVE-2010-1084,\n Important)\n \n * a flaw was found in the Xen hypervisor implementation when using the\n Intel Itanium architecture, allowing guests to enter an unsupported state.\n An unprivileged guest user could trigger this flaw by setting the BE (Big\n Endian) bit of the Processor Status Register (PSR), leading to the guest\n crashing (denial of service). (CVE-2010-2070, Important)\n \n * a flaw was found in the CIFSSMBWrite() function in the Linux kernel\n Common Internet File System (CIFS) implementation. A remote attacker could\n send a specially-crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n \n * buffer overflow flaws were found in the Linux kernel's implementation of\n the server-side External Data Representation (XDR) for the Network File\n System (NFS) version 4. An attacker on the local network could send a\n specially-crafted large compound request to the NFSv4 server, which could\n possibly result in a kernel panic (denial of service) or, potentially, code\n execution. (CVE-2010-2521, Important)\n \n * a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\n XFS file system implementation. A local user could use this flaw to read\n write-only files, that they do not own, on an XFS file system. This could\n lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n \n * a flaw was found in the dns_resolver upcall used by CIFS. A local,\n unprivileged user could redirect a Microsoft Distributed File System link\n to another IP address, tricking the client into mounting the share from a\n server of the user's choosing. (CVE-2010-2524, Moderate)\n \n * a missing check was found in the mext_check_arguments() function in the\n ext4 file system code. A local user could use this flaw to cause the\n MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that file. (CVE-2010-2066,\n Low)\n \n Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\n Rosenberg for reportin ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870308\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-13 14:24:53 +0200 (Fri, 13 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0610-01\");\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2006-0742\");\n script_name(\"RedHat Update for kernel RHSA-2010:0610-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~194.11.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:15", "bulletinFamily": "scanner", "description": "An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.\n\nFile List", "modified": "2019-01-02T00:00:00", "id": "SL_20100730_FREETYPE_FOR_SL4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60825", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : freetype for SL4 , SL5", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60825);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n\n script_name(english:\"Scientific Linux Security Update : freetype for SL4 , SL5\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\nFile List\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=3474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ba5fda\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-debuginfo-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-debuginfo-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68075", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# Oracle Linux Security Advisory ELSA-2010-0578 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68075);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"Oracle Linux 4 / 5 : freetype (ELSA-2010-0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0578 :\n\nUpdated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-July/001573.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:41", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-28T00:00:00", "id": "REDHAT-RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48212", "published": "2010-08-02T00:00:00", "title": "RHEL 4 / 5 : freetype (RHSA-2010:0578)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48212);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/28 11:42:04\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"RHEL 4 / 5 : freetype (RHSA-2010:0578)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0578\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0578\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel / freetype-utils\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:41", "bulletinFamily": "scanner", "description": "Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font engine processed font files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications. If a user loaded a carefully-crafted font file with a demo application, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499, CVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2010-0578.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48217", "published": "2010-08-03T00:00:00", "title": "CentOS 4 / 5 : freetype (CESA-2010:0578)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0578 and \n# CentOS Errata and Security Advisory 2010:0578 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48217);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2527\", \"CVE-2010-2541\");\n script_bugtraq_id(60740, 60750);\n script_xref(name:\"RHSA\", value:\"2010:0578\");\n\n script_name(english:\"CentOS 4 / 5 : freetype (CESA-2010:0578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently. The freetype packages for Red Hat Enterprise Linux\n4 provide both the FreeType 1 and FreeType 2 font engines. The\nfreetype packages for Red Hat Enterprise Linux 5 provide only the\nFreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType\nfont engine processed font files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause\nthe application to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2010-2499,\nCVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo\napplications. If a user loaded a carefully-crafted font file with a\ndemo application, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2527, CVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team\nfor the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2\nfont engine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9d2110d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb8b8ddf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b78c705f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fecd5c92\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-demos-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-devel-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"freetype-utils-2.1.9-14.el4.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-demos-2.2.1-25.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freetype-devel-2.2.1-25.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:15", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1084, Important)\n\n - a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service).\n (CVE-2010-2070, Important)\n\n - a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\n - a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n - a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n - a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file. (CVE-2010-2066, Low)\n\nThe system must be rebooted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "SL_20100810_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60834", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60834);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - instances of unsafe sprintf() use were found in the\n Linux kernel Bluetooth implementation. Creating a large\n number of Bluetooth L2CAP, SCO, or RFCOMM sockets could\n result in arbitrary memory pages being overwritten. A\n local, unprivileged user could use this flaw to cause a\n kernel panic (denial of service) or escalate their\n privileges. (CVE-2010-1084, Important)\n\n - a flaw was found in the Xen hypervisor implementation\n when using the Intel Itanium architecture, allowing\n guests to enter an unsupported state. An unprivileged\n guest user could trigger this flaw by setting the BE\n (Big Endian) bit of the Processor Status Register (PSR),\n leading to the guest crashing (denial of service).\n (CVE-2010-2070, Important)\n\n - a flaw was found in the CIFSSMBWrite() function in the\n Linux kernel Common Internet File System (CIFS)\n implementation. A remote attacker could send a specially\n crafted SMB response packet to a target CIFS client,\n resulting in a kernel panic (denial of service).\n (CVE-2010-2248, Important)\n\n - buffer overflow flaws were found in the Linux kernel's\n implementation of the server-side External Data\n Representation (XDR) for the Network File System (NFS)\n version 4. An attacker on the local network could send a\n specially crafted large compound request to the NFSv4\n server, which could possibly result in a kernel panic\n (denial of service) or, potentially, code execution.\n (CVE-2010-2521, Important)\n\n - a flaw was found in the handling of the SWAPEXT IOCTL in\n the Linux kernel XFS file system implementation. A local\n user could use this flaw to read write-only files, that\n they do not own, on an XFS file system. This could lead\n to unintended information disclosure. (CVE-2010-2226,\n Moderate)\n\n - a flaw was found in the dns_resolver upcall used by\n CIFS. A local, unprivileged user could redirect a\n Microsoft Distributed File System link to another IP\n address, tricking the client into mounting the share\n from a server of the user's choosing. (CVE-2010-2524,\n Moderate)\n\n - a missing check was found in the mext_check_arguments()\n function in the ext4 file system code. A local user\n could use this flaw to cause the MOVE_EXT IOCTL to\n overwrite the contents of an append-only file on an ext4\n file system, if they have write permissions for that\n file. (CVE-2010-2066, Low)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=1311\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3643a0ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:42", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48312", "published": "2010-08-12T00:00:00", "title": "RHEL 5 : kernel (RHSA-2010:0610)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0610. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48312);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2010:0610)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2524\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0610\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0610\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:42", "bulletinFamily": "scanner", "description": "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=48301", "published": "2010-08-12T00:00:00", "title": "CentOS 5 : kernel (CESA-2010:0610)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0610 and \n# CentOS Errata and Security Advisory 2010:0610 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48301);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2010:0610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74c9c2bd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52607eba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-194.11.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0610 :\n\nUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2010-0610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68081", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : kernel (ELSA-2010-0610)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0610 and \n# Oracle Linux Security Advisory ELSA-2010-0610 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68081);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\");\n script_bugtraq_id(38898, 40776, 40920, 41466, 41904, 42242, 42249);\n script_xref(name:\"RHSA\", value:\"2010:0610\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2010-0610)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0610 :\n\nUpdated kernel packages that fix multiple security issues and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP,\nSCO, or RFCOMM sockets could result in arbitrary memory pages being\noverwritten. A local, unprivileged user could use this flaw to cause a\nkernel panic (denial of service) or escalate their privileges.\n(CVE-2010-1084, Important)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported\nstate. An unprivileged guest user could trigger this flaw by setting\nthe BE (Big Endian) bit of the Processor Status Register (PSR),\nleading to the guest crashing (denial of service). (CVE-2010-2070,\nImportant)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker\ncould send a specially crafted SMB response packet to a target CIFS\nclient, resulting in a kernel panic (denial of service).\n(CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's\nimplementation of the server-side External Data Representation (XDR)\nfor the Network File System (NFS) version 4. An attacker on the local\nnetwork could send a specially crafted large compound request to the\nNFSv4 server, which could possibly result in a kernel panic (denial of\nservice) or, potentially, code execution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux\nkernel XFS file system implementation. A local user could use this\nflaw to read write-only files, that they do not own, on an XFS file\nsystem. This could lead to unintended information disclosure.\n(CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System\nlink to another IP address, tricking the client into mounting the\nshare from a server of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in\nthe ext4 file system code. A local user could use this flaw to cause\nthe MOVE_EXT IOCTL to overwrite the contents of an append-only file on\nan ext4 file system, if they have write permissions for that file.\n(CVE-2010-2066, Low)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084,\nand Dan Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes\nwill be available shortly from the Technical Notes document linked to\nin the References.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001596.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-194.11.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-194.11.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:49", "bulletinFamily": "scanner", "description": "Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise Virtualization Hypervisor was run on a system that has a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker could trigger this flaw by creating a crafted SSL connection to VDSM, preventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes for security issues; however, these issues have no security impact for Red Hat Enterprise Virtualization Hypervisor. These fixes are for avahi issues CVE-2009-0758 and CVE-2010-2244; freetype issues CVE-2010-1797, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527, and CVE-2010-2541; kernel issues CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, and CVE-2010-2524; and openldap issues CVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs.\nDocumentation for these bug fixes will be available shortly from http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_fo r_Servers /2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug fixes from the KVM update RHSA-2010:0627 have been included in this update. Also included are the bug fixes from the VDSM update RHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated rhev-hypervisor packages, which resolve these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2010-0622.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79276", "published": "2014-11-17T00:00:00", "title": "RHEL 5 : rhev-hypervisor (RHSA-2010:0622)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0622. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79276);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2010-0428\", \"CVE-2010-0429\", \"CVE-2010-0431\", \"CVE-2010-0435\", \"CVE-2010-2784\", \"CVE-2010-2811\");\n script_bugtraq_id(42580);\n script_xref(name:\"RHSA\", value:\"2010:0622\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor (RHSA-2010:0622)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rhev-hypervisor packages that fix multiple security issues and\ntwo bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nIt was found that the libspice component of QEMU-KVM on the host did\nnot validate all pointers provided from a guest system's QXL graphics\ncard driver. A privileged guest user could use this flaw to cause the\nhost to dereference an invalid pointer, causing the guest to crash\n(denial of service) or, possibly, resulting in the privileged guest\nuser escalating their privileges on the host. (CVE-2010-0428)\n\nIt was found that the libspice component of QEMU-KVM on the host could\nbe forced to perform certain memory management operations on memory\naddresses controlled by a guest. A privileged guest user could use\nthis flaw to crash the guest (denial of service) or, possibly,\nescalate their privileges on the host. (CVE-2010-0429)\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged\nguest user could use this flaw to cause the host to dereference an\ninvalid pointer, causing the guest to crash (denial of service) or,\npossibly, resulting in the privileged guest user escalating their\nprivileges on the host. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash\nthe guest (denial of service) or, possibly, escalate their privileges\non the host. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when Red Hat Enterprise\nVirtualization Hypervisor was run on a system that has a processor\nwith the Intel VT-x extension enabled. A privileged guest user could\nuse this flaw to trick the host into emulating a certain instruction,\nwhich could crash the host (denial of service). (CVE-2010-0435)\n\nA flaw was found in the way VDSM accepted SSL connections. An attacker\ncould trigger this flaw by creating a crafted SSL connection to VDSM,\npreventing VDSM from accepting SSL connections from other users.\n(CVE-2010-2811)\n\nThese updated packages provide updated components that include fixes\nfor security issues; however, these issues have no security impact for\nRed Hat Enterprise Virtualization Hypervisor. These fixes are for\navahi issues CVE-2009-0758 and CVE-2010-2244; freetype issues\nCVE-2010-1797, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,\nCVE-2010-2519, CVE-2010-2527, and CVE-2010-2541; kernel issues\nCVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226,\nCVE-2010-2248, CVE-2010-2521, and CVE-2010-2524; and openldap issues\nCVE-2010-0211 and CVE-2010-0212.\n\nThese updated rhev-hypervisor packages also fix two bugs.\nDocumentation for these bug fixes will be available shortly from\nhttp://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_fo\nr_Servers /2.2/html/Technical_Notes/index.html\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the\nbug fixes from the KVM update RHSA-2010:0627 have been included in\nthis update. Also included are the bug fixes from the VDSM update\nRHSA-2010:0628.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0627.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0628.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to these updated rhev-hypervisor packages, which resolve these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2811\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb2e5a4a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0622\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor and / or rhev-hypervisor-pxe\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0622\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-pxe-5.5-2.2.6.1.el5_5rhev2_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor / rhev-hypervisor-pxe\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "Robert Swiecki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-963-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47778", "published": "2010-07-21T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-963-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47778);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\", \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2527\");\n script_bugtraq_id(41663, 60750);\n script_xref(name:\"USN\", value:\"963-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-963-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/963-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freetype2-demos, libfreetype6 and / or\nlibfreetype6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"freetype2-demos\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libfreetype6-dev\", pkgver:\"2.1.10-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.5-1ubuntu4.8.04.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"freetype2-demos\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.9-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"freetype2-demos\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6-dev\", pkgver:\"2.3.11-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-demos / libfreetype6 / libfreetype6-dev\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "unix", "description": "[2.2.1-25]\n- Add freetype-2.2.1-axis-name-overflow.patch\n (Avoid overflow when dealing with names of axes)\n- Resolves: #614012\n[2.2.1-24]\n- Modify freetype-2.2.1-CVE-2010-2519.patch (additional fix)\n (If the type of the POST fragment is 0, the segment is completely ignored)\n- Resolves: #614012\n[2.2.1-23]\n- Add freetype-2.2.1-CVE-2010-2527.patch\n (Use precision for '%s' where appropriate to avoid buffer overflows)\n- Resolves: #614012\n[2.2.1-22]\n- Add freetype-2.2.1-CVE-2010-2498.patch\n (Assure that 'end_point' is not larger than 'glyph->num_points')\n- Add freetype-2.2.1-CVE-2010-2499.patch\n (Check the buffer size during gathering PFB fragments)\n- Add freetype-2.2.1-CVE-2010-2500.patch\n (Use smaller threshold values for 'width' and 'height')\n- Add freetype-2.2.1-CVE-2010-2519.patch\n (Check 'rlen' the length of fragment declared in the POST fragment header)\n- Resolves: #614012 ", "modified": "2010-07-30T00:00:00", "published": "2010-07-30T00:00:00", "id": "ELSA-2010-0578", "href": "http://linux.oracle.com/errata/ELSA-2010-0578.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "unix", "description": "[2.6.18-194.11.1.0.1.el5]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- Add entropy support to igb (John Sobecki) [orabug 7607479]\n- [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332]\n- [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043]\n [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [nfsd] fix failure of file creation from hpux client (Wen gang Wang)\n [orabug 7579314]\n- [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702]\n- [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524]\n- [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh)\n [orabug 9245919]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) \n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) \n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, \n Guru Anbalagane) [orabug 6124033]\n[2.6.18-194.11.1.el5]\n- [scsi] qla2xxx: update firmware to version 5.03.02 (Chad Dupuis) [613688 598946]\n[2.6.18-194.10.1.el5]\n- [fs] xfs: don't let swapext operate on write-only files (Jiri Pirko) [605160 605161] {CVE-2010-2226}\n- [fs] nfs: fix bug in nfsd4 read_buf (Jiri Olsa) [612034 612035] {CVE-2010-2521}\n- [fs] cifs: reject DNS upcall add_key req from userspace (Jeff Layton) [612170 612171] {CVE-2010-2524}\n- [security] keys: new key flag for add_key from userspace (Jeff Layton) [612170 612171] {CVE-2010-2524}\n- [message] mptsas: fix disk add failing due to timeout (Rob Evers) [612539 542892]\n- [block] cfq-iosched: fix bad locking in changed_ioprio (Jeff Moyer) [607483 582435]\n- [block] cfq-iosched: kill cfq_exit_lock (Jeff Moyer) [607483 582435]\n- [fs] cifs: fix kernel BUG with remote OS/2 server (Jeff Layton) [608587 608588] {CVE-2010-2248}\n- [net] bluetooth: fix possible bad memory access via sysfs (Mauro Carvalho Chehab) [576020 576021] {CVE-2010-1084}\n- [net] tcp: fix rcv mss estimate for lro (Stanislaw Gruszka) [613900 593801]\n- [net] cnic: fix panic when nl msg rcvd when device down (Stanislaw Gruszka) [615260 595862]\n[2.6.18-194.9.1.el5]\n- [xen] ia64: unset be from the task psr (Andrew Jones) [587475 587477] {CVE-2010-2070}\n- [fs] ext4: MOVE_EXT can't overwrite append-only files (Eric Sandeen) [601007 601008] {CVE-2010-2066}\n- [pci] acpiphp: fix missing acpiphp_glue_exit (Prarit Bhargava) [607486 515556]", "modified": "2010-08-10T00:00:00", "published": "2010-08-10T00:00:00", "id": "ELSA-2010-0610", "href": "http://linux.oracle.com/errata/ELSA-2010-0610.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "unix", "description": "[kvm-83-164.0.1.el5_5.21]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83-164.el5_5.21]\n- kvm-Fix-segfault-in-mmio-subpage-handling-code.patch [bz#619412]\n- Resolves: bz#619412\n (CVE-2010-2784 qemu: insufficient constraints checking in exec.c:subpage_register() [rhel-5.5.z])\n[kvm-83-164.el5_5.20]\n- kvm-virtio-net-correct-packet-length-checks.patch [bz#610343]\n- Resolves: bz#610343\n (Virtio: Transfer file caused guest in same vlan abnormally quit)\n[kvm-83-164.el5_5.19]\n- kvm-qcow2-Fix-qemu-img-check-segfault-on-corrupted-image.patch [bz#610342]\n- kvm-qcow2-Don-t-try-to-check-tables-that-couldn-t-be-loa.patch [bz#610342]\n- kvm-qemu-img-check-Distinguish-different-kinds-of-errors.patch [bz#618206]\n- kvm-qcow2-Change-check-to-distinguish-error-cases.patch [bz#618206]\n- Resolves: bz#610342\n ([kvm] segmentation fault when running qemu-img check on faulty image)\n- Resolves: bz#618206\n ([kvm] qemu image check returns cluster errors when using virtIO block (thinly provisioned) during e_no_space events (along with EIO errors))\n[kvm-83-164.el5_5.18]\n- kvm-New-slots-need-dirty-tracking-enabled-when-migrating.patch [bz#618205]\n- Resolves: bz#618205\n (SPICE - race in KVM/Spice would cause migration to fail (slots are not registered properly?))\n[kvm-83-164.el5_5.17]\n- kvm-kernel-KVM-MMU-fix-conflict-access-permissions-in-direct-sp.patch [bz#616796]\n- Resolves: bz#616796\n (KVM uses wrong permissions for large guest pages)\n[kvm-83-164.el5_5.16]\n- kvm-kernel-fix-null-pointer-dereference.patch [bz#570531]\n - Resolves: bz#570531\n - CVE: CVE-2010-0435\n- kvm-qemu-fix-unsafe-ring-handling.patch [bz#568816]\n - Resolves: bz#568816\n - CVE: CVE-2010-0431 ", "modified": "2010-08-19T00:00:00", "published": "2010-08-19T00:00:00", "id": "ELSA-2010-0627", "href": "http://linux.oracle.com/errata/ELSA-2010-0627.html", "title": "kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:48", "bulletinFamily": "unix", "description": "[2.1.4-15.el3]\n- Add freetype-2.1.4-axis-name-overflow.patch\n (Avoid overflow when dealing with names of axes)\n- Resolves: #614014\n[2.1.4-14.el3]\n- Add freetype-2.1.4-CVE-2010-2527.patch\n (Use precision for '%s' where appropriate to avoid buffer overflows)\n- Resolves: #614014\n[2.1.4-13.el3]\n- Add freetype-2.1.4-CVE-2010-2500.patch\n (Use smaller threshold values for 'width' and 'height')\n- Resolves: #614014", "modified": "2010-07-30T00:00:00", "published": "2010-07-30T00:00:00", "id": "ELSA-2010-0577", "href": "http://linux.oracle.com/errata/ELSA-2010-0577.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-07-07T12:43:44", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0578\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. The freetype packages for Red Hat Enterprise Linux 4 provide\nboth the FreeType 1 and FreeType 2 font engines. The freetype packages for\nRed Hat Enterprise Linux 5 provide only the FreeType 2 font engine.\n\nAn invalid memory management flaw was found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2498)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the way the FreeType font\nengine processed font files. If a user loaded a carefully-crafted font file\nwith an application linked against FreeType, it could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2010-2499, CVE-2010-2519)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,\nCVE-2010-2519, and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016854.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016855.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016884.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016885.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0578.html", "modified": "2010-08-06T19:26:41", "published": "2010-08-02T20:36:19", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016854.html", "id": "CESA-2010:0578", "title": "freetype security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0610\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* instances of unsafe sprintf() use were found in the Linux kernel\nBluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,\nor RFCOMM sockets could result in arbitrary memory pages being overwritten.\nA local, unprivileged user could use this flaw to cause a kernel panic\n(denial of service) or escalate their privileges. (CVE-2010-1084,\nImportant)\n\n* a flaw was found in the Xen hypervisor implementation when using the\nIntel Itanium architecture, allowing guests to enter an unsupported state.\nAn unprivileged guest user could trigger this flaw by setting the BE (Big\nEndian) bit of the Processor Status Register (PSR), leading to the guest\ncrashing (denial of service). (CVE-2010-2070, Important)\n\n* a flaw was found in the CIFSSMBWrite() function in the Linux kernel\nCommon Internet File System (CIFS) implementation. A remote attacker could\nsend a specially-crafted SMB response packet to a target CIFS client,\nresulting in a kernel panic (denial of service). (CVE-2010-2248, Important)\n\n* buffer overflow flaws were found in the Linux kernel's implementation of\nthe server-side External Data Representation (XDR) for the Network File\nSystem (NFS) version 4. An attacker on the local network could send a\nspecially-crafted large compound request to the NFSv4 server, which could\npossibly result in a kernel panic (denial of service) or, potentially, code\nexecution. (CVE-2010-2521, Important)\n\n* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel\nXFS file system implementation. A local user could use this flaw to read\nwrite-only files, that they do not own, on an XFS file system. This could\nlead to unintended information disclosure. (CVE-2010-2226, Moderate)\n\n* a flaw was found in the dns_resolver upcall used by CIFS. A local,\nunprivileged user could redirect a Microsoft Distributed File System link\nto another IP address, tricking the client into mounting the share from a\nserver of the user's choosing. (CVE-2010-2524, Moderate)\n\n* a missing check was found in the mext_check_arguments() function in the\next4 file system code. A local user could use this flaw to cause the\nMOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4\nfile system, if they have write permissions for that file. (CVE-2010-2066,\nLow)\n\nRed Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan\nRosenberg for reporting CVE-2010-2226 and CVE-2010-2066.\n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016890.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016891.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0610.html", "modified": "2010-08-11T08:16:14", "published": "2010-08-11T08:16:13", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html", "id": "CESA-2010:0610", "title": "kernel security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0577\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed font files. If a user loaded a carefully-crafted font file with\nan application linked against FreeType, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-2500)\n\nSeveral buffer overflow flaws were found in the FreeType demo applications.\nIf a user loaded a carefully-crafted font file with a demo application, it\ncould cause the application to crash or, possibly, execute arbitrary code\nwith the privileges of the user running the application. (CVE-2010-2527,\nCVE-2010-2541)\n\nRed Hat would like to thank Robert Swiecki of the Google Security Team for\nthe discovery of the CVE-2010-2500 and CVE-2010-2527 issues.\n\nNote: All of the issues in this erratum only affect the FreeType 2 font\nengine.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016920.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016921.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0577.html", "modified": "2010-08-16T17:21:24", "published": "2010-08-16T17:19:51", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016920.html", "id": "CESA-2010:0577", "title": "freetype security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0627\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nIt was found that QEMU-KVM on the host did not validate all pointers\nprovided from a guest system's QXL graphics card driver. A privileged guest\nuser could use this flaw to cause the host to dereference an invalid\npointer, causing the guest to crash (denial of service) or, possibly,\nresulting in the privileged guest user escalating their privileges on the\nhost. (CVE-2010-0431)\n\nA flaw was found in QEMU-KVM, allowing the guest some control over the\nindex used to access the callback array during sub-page MMIO\ninitialization. A privileged guest user could use this flaw to crash the\nguest (denial of service) or, possibly, escalate their privileges on the\nhost. (CVE-2010-2784)\n\nA NULL pointer dereference flaw was found when the host system had a\nprocessor with the Intel VT-x extension enabled. A privileged guest user\ncould use this flaw to trick the host into emulating a certain instruction,\nwhich could crash the host (denial of service). (CVE-2010-0435)\n\nThis update also fixes the following bugs:\n\n* running a \"qemu-img\" check on a faulty virtual machine image ended with a\nsegmentation fault. With this update, the segmentation fault no longer\noccurs when running the \"qemu-img\" check. (BZ#610342)\n\n* when attempting to transfer a file between two guests that were joined in\nthe same virtual LAN (VLAN), the receiving guest unexpectedly quit. With\nthis update, the transfer completes successfully. (BZ#610343)\n\n* installation of a system was occasionally failing in KVM. This was caused\nby KVM using wrong permissions for large guest pages. With this update, the\ninstallation completes successfully. (BZ#616796)\n\n* previously, the migration process would fail for a virtual machine\nbecause the virtual machine could not map all the memory. This was caused\nby a conflict that was initiated when a virtual machine was initially run\nand then migrated right away. With this update, the conflict no longer\noccurs and the migration process no longer fails. (BZ#618205)\n\n* using a thinly provisioned VirtIO disk on iSCSI storage and performing a\n\"qemu-img\" check during an \"e_no_space\" event returned cluster errors. With\nthis update, the errors no longer appear. (BZ#618206)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Note: The procedure in the\nSolution section must be performed before this update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016954.html\n\n**Affected packages:**\nkmod-kvm\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0627.html", "modified": "2010-08-27T11:11:15", "published": "2010-08-27T11:11:15", "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016954.html", "id": "CESA-2010:0627", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:16", "bulletinFamily": "unix", "description": "Robert \u015awi\u0119cki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.", "modified": "2010-07-20T00:00:00", "published": "2010-07-20T00:00:00", "id": "USN-963-1", "href": "https://usn.ubuntu.com/963-1/", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.", "modified": "2011-03-07T05:00:00", "id": "CVE-2010-2244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2244", "published": "2010-07-08T12:54:00", "title": "CVE-2010-2244", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and \"turn on BE by modifying the user mask of the PSR,\" as demonstrated via exploitation of CVE-2006-0742.", "modified": "2018-10-10T19:58:00", "id": "CVE-2010-2070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2070", "published": "2010-06-16T20:30:00", "title": "CVE-2010-2070", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.", "modified": "2012-12-19T04:28:00", "id": "CVE-2010-2499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2499", "published": "2010-08-19T18:00:00", "title": "CVE-2010-2499", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.", "modified": "2018-10-10T19:59:00", "id": "CVE-2010-2226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2226", "published": "2010-09-03T20:00:00", "title": "CVE-2010-2226", "type": "cve", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.", "modified": "2012-12-19T04:28:00", "id": "CVE-2010-2498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2498", "published": "2010-08-19T18:00:00", "title": "CVE-2010-2498", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "modified": "2012-12-19T04:28:00", "id": "CVE-2010-2500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2500", "published": "2010-08-19T18:00:00", "title": "CVE-2010-2500", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:29", "bulletinFamily": "NVD", "description": "Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.", "modified": "2010-08-25T04:00:00", "id": "CVE-2010-2811", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2811", "published": "2010-08-24T18:00:00", "title": "CVE-2010-2811", "type": "cve", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "modified": "2012-12-19T04:28:00", "id": "CVE-2010-2541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2541", "published": "2010-08-19T18:00:00", "title": "CVE-2010-2541", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.", "modified": "2018-10-10T19:58:00", "id": "CVE-2010-2066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2066", "published": "2010-09-08T20:00:00", "title": "CVE-2010-2066", "type": "cve", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions.", "modified": "2018-10-10T19:59:00", "id": "CVE-2010-2248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2248", "published": "2010-09-07T17:00:00", "title": "CVE-2010-2248", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2016-03-19T09:01:54", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-07-23T00:00:00", "published": "2015-04-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/400/sol16477.html", "id": "SOL16477", "title": "SOL16477 - Linux kernel vulnerability CVE-2010-2524", "type": "f5", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2070-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 14, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : freetype\r\nVulnerability : several\r\nProblem type : local&#40;remote&#41;\r\nDebian-specific: no\r\nCVE Id&#40;s&#41; : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527\r\n\r\nRobert Swiecki discovered several vulnerabilities in the FreeType font \r\nlibrary, which could lead to the execution of arbitrary code if a\r\nmalformed font file is processed.\r\n\r\nAlso, several buffer overflows were found in the included demo programs.\r\n\r\n\r\nFor the stable distribution &#40;lenny&#41;, these problems have been fixed in\r\nversion 2.3.7-2+lenny2.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 2.4.0-1.\r\n\r\nWe recommend that you upgrade your freetype packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc\r\n Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\r\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz\r\n Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde\r\n\r\nalpha architecture &#40;DEC Alpha&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb\r\n Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb\r\n Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d\r\n\r\namd64 architecture &#40;AMD x86_64 &#40;AMD64&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb\r\n Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb\r\n Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1\r\n\r\narm architecture &#40;ARM&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb\r\n Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb\r\n Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf\r\n\r\narmel architecture &#40;ARM EABI&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb\r\n Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb\r\n Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2\r\n\r\nhppa architecture &#40;HP PA RISC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb\r\n Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb\r\n Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca\r\n\r\ni386 architecture &#40;Intel ia32&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb\r\n Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb\r\n Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b\r\n\r\nia64 architecture &#40;Intel ia64&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb\r\n Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb\r\n Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf\r\n\r\nmips architecture &#40;MIPS &#40;Big Endian&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb\r\n Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb\r\n Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40\r\n\r\nmipsel architecture &#40;MIPS &#40;Little Endian&#41;&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb\r\n Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb\r\n Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599\r\n\r\npowerpc architecture &#40;PowerPC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb\r\n Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb\r\n Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af\r\n\r\ns390 architecture &#40;IBM S/390&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb\r\n Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb\r\n Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231\r\n\r\nsparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49\r\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb\r\n Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629\r\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb\r\n Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAkw+GCUACgkQXm3vHE4uylrkywCgy9GpS2XDmy5Y+pj3JOVAwpFs\r\nmWwAn1lQsDqPntOyBssbJ901IHmL8FW/\r\n=Y+AX\r\n-----END PGP SIGNATURE-----", "modified": "2010-07-16T00:00:00", "published": "2010-07-16T00:00:00", "id": "SECURITYVULNS:DOC:24241", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24241", "title": "[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:08", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2070-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 14, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527\n\nRobert Swiecki discovered several vulnerabilities in the FreeType font \nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.\n\nWe recommend that you upgrade your freetype packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc\n Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz\n Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb\n Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb\n Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb\n Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb\n Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb\n Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb\n Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb\n Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb\n Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb\n Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb\n Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb\n Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb\n Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2010-07-14T20:05:08", "published": "2010-07-14T20:05:08", "id": "DEBIAN:DSA-2070-1:50712", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00115.html", "title": "[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "n0where": [{"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "tools", "description": "Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ** ptrace() API ** / ** POSIX signal interface ** to detect and log crashes. \n\n\n\n## Features \n\n * ** Easy setup ** : No complicated configuration files or setup necessary \u2014 Hongfuzz can be run directly from the command line. \n * ** Fast ** : Multiple Hongfuzz instances can be run simultaneously for more efficient fuzzing. \n * ** Powerful analysis capabilities ** : Hongfuzz will use the most powerful process state analysis (e.g. ptrace) interface under a given OS. \n\n## Requirements \n\n * A POSIX compilant operating system \n * (under Linux) \u2013 BFD library (libbfd-dev) and LibUnwind (libunwind-dev/libunwind8-dev) \n * (under FreeBSD) \u2013 gmake \n * The [ capstone ](<https://github.com/google/honggfuzz/blob/master/docs/capstone.md>) library (wth x86/amd64 Linux boxes) \n * A corpus of input files. Honggfuzz expects a set of files to use and modify as input to the application you\u2019re fuzzing. How you get or create these files is up to you, but you might be interested in the following sources: \n * Image formats: Tavis Ormandy\u2019s [ Image Testuite ](<http://code.google.com/p/imagetestsuite/>) has been effective at finding vulnerabilities in various graphics libraries. \n * PDF: Adobe provides some [ test PDF files ](<http://acroeng.adobe.com/>) . \n\n## Description \n\n * A general-purpose, easy-to-use fuzzer with interesting analysis options. \n * Supports hardware-based [ feedback-driven fuzzing ](<https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md>) (requires Linux and a supported CPU model) \n * It works, at least, under GNU/Linux and FreeBSD (possibly under Mac OS X as well) \n * [ Can fuzz long-lasting processes ](<https://github.com/google/honggfuzz/blob/master/docs/AttachingToPid.md>) (e.g. network servers like Apache\u2019s httpd and ISC\u2019s bind) \n * It\u2019s been used to find a few interesting security problems in major software; examples: \n * FreeType 2 project: [ CVE-2010-2497 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2497>) , [ CVE-2010-2498 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498>) , [ CVE-2010-2499 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2499>) , [ CVE-2010-2500 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2500>) , [ CVE-2010-2519 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519>) , [ CVE-2010-2520 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520>) , [ CVE-2010-2527 ](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527>)\n * [ Multiple bugs in the libtiff library ](<http://bugzilla.maptools.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert@swiecki.net;product=libtiff;emailtype1=substring>)\n * [ Multiple bugs in the librsvg library ](<https://bugzilla.gnome.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert%40swiecki.net;product=librsvg;emailtype1=substring>)\n * [ Multiple bugs in the poppler library ](<http://lists.freedesktop.org/archives/poppler/2010-November/006726.html>)\n * [ Multiple exploitable bugs in IDA-Pro ](<https://www.hex-rays.com/bugbounty.shtml>)\n\nThis is NOT an official Google product. \n\n## Compatibility list \n\nIt should work under the following operating systems: \n\n** OS ** | ** Status ** | ** Notes ** \n---|---|--- \n** GNU/Linux ** | Works | ptrace() API (x86, x86-64 disassembly support) \n** FreeBSD ** | Works | POSIX signal interface \n** Mac OS X ** | Works | POSIX signal interface/Mac OS X crash reports (x86-64/x86 disassembly support) \n** MS Windows ** | Doesn\u2019t work | The POSIX signal implementation provided by the Cygwin project is not sufficient \n** Other Unices ** | Depends ` * ` | POSIX signal interface \n \n_ ` * ` ) It might work provided that a given operating system implements ** wait3() ** call _\n\n## Usage \n \n \n $ ./honggfuzz \r\n honggfuzz version 0.3 Robert Swiecki <swiecki@google.com>, Copyright 2010 by Google Inc. All Rights Reserved.\r\n <-f val>: input file (or input dir)\r\n [-h]: this help\r\n [-q]: null-ify children's stdin, stdout, stderr; make them quiet\r\n [-s]: standard input fuzz, instead of providing a file argument\r\n [-u]: save unique test-cases only, otherwise (if not used) append\r\n current timestamp to the output filenames\r\n [-d val]: debug level (0 - FATAL ... 4 - DEBUG), default: '3' (INFO)\r\n [-e val]: file extension (e.g swf), default: 'fuzz'\r\n [-r val]: flip rate, default: '0.001'\r\n [-m val]: flip mode (-mB - byte, -mb - bit), default: '-mB'\r\n [-c val]: command modifying input files externally (instead of -r/-m)\r\n [-t val]: timeout (in secs), default: '3' (0 - no timeout)\r\n [-a val]: address limit (from si.si_addr) below which crashes\r\n are not reported, default: '0' (suggested: 65535)\r\n [-n val]: number of concurrent fuzzing processes, default: '5'\r\n [-l val]: per process memory limit in MiB, default: '0' (no limit)\r\n [-p val]: attach to a pid (a group thread), instead of monitoring\r\n previously created process, default: '0' (none) (ptrace only)\r\n usage: honggfuzz -f input_dir -- /usr/bin/tiffinfo -D ___FILE___\r\n \n\nHonggfuzz offers simple file mutation algorithm only (bits/bytes). This [ document ](<https://github.com/google/honggfuzz/blob/master/docs/ExternalFuzzerUsage.md>) explains how to use an external command to create fuzzing input. \n\n## Output Files \n\n** Mode ** | ** Output file ** \n---|--- \nUnique mode ( ** -u ** ) | ** SIGSEGV.PC.0x7ffff78c8f70.CODE.1.ADDR.0x6c9000.INSTR.mov ` _ ` ` [ ` rdi+0x10 ` ] ` , ` _ ` [ r9 ](<https://code.google.com/p/honggfuzz/source/detail?r=9>) .ttf ** \nNon-unique mode | ** SIGSEGV.PC.0x8056ad7.CODE.1.ADDR.0x30333037.INSTR.movsx_eax, ` _ ` ` [ ` eax ` ] ` .TIME.2010-06-07.02.25.04.PID.10097.ttf ** \nPOSIX signal interface | ** SIGSEGV.22758.2010-07-01.17.24.41.tif ** \n \n## [ ](<https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#description>) Description \n\n * ** SIGSEGV ** , ** SIGILL ** , ** SIGBUS ** , ** SIGABRT ** , ** SIGFPE ** \u2013 Description of the signal which terminated the process (when using ptrace() API, it\u2019s a signal which was delivered to the process, even if silently discarded) \n * ** PC.0x8056ad7 ** \u2013 Program Counter (PC) value (ptrace() API only), for x86 it\u2019s a value of the EIP register (RIP for x86-64) \n * ** CODE.1 ** \u2013 Value of the _ siginfo` _ ` t.si ` _ `code _ field (see _ man 2 signaction _ for more details), valid for some signals (e.g. SIGSEGV) only \n * ** ADDR.0x30333037 ** \u2013 Value of the _ siginfo` _ ` t.si ` _ `addr _ (see _ man 2 signaction _ for more details) (most likely meaningless for SIGABRT) \n * ** INSTR.movsx_eax, ` _ ` ` [ ` eax ` ] ` ** \u2013 Disassembled instruction which was found under the last known PC (Program Counter) (x86, x86-64 architectures only, meaningless for SIGABRT) \n * ** TIME.2010-06-07.02.25.04 ** \u2013 Local time when the signal was delivered \n * ** PID.10097 ** \u2013 Fuzzing process\u2019 id (PID) (See [ AttachingToPid ](<https://github.com/google/honggfuzz/blob/master/docs/AttachingToPid.md>) for more) \n\n[  ](<https://github.com/google/honggfuzz>)\n", "modified": "2015-06-05T15:50:13", "published": "2015-06-05T15:50:13", "id": "N0WHERE:31614", "href": "https://n0where.net/general-purpose-fuzzing-honggfuzz", "title": "General Purpose Fuzzing: Honggfuzz", "type": "n0where", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}