{"cve": [{"lastseen": "2017-09-29T14:25:50", "bulletinFamily": "NVD", "description": "The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.", "modified": "2017-09-28T21:30:49", "published": "2008-04-18T11:05:00", "id": "CVE-2008-1693", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1693", "title": "CVE-2008-1693", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:09", "bulletinFamily": "unix", "description": "[2.8.2-7.7.2]\n- Add patch for CVE-2008-1693 (#444148).", "modified": "2008-05-08T00:00:00", "published": "2008-05-08T00:00:00", "id": "ELSA-2008-0262", "href": "http://linux.oracle.com/errata/ELSA-2008-0262.html", "title": "gpdf security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:39", "bulletinFamily": "unix", "description": "[3.3.1-9]\n- Resolves: #442390, CVE-2008-1693", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "ELSA-2008-0238", "href": "http://linux.oracle.com/errata/ELSA-2008-0238.html", "title": "kdegraphics security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:39:54", "bulletinFamily": "unix", "description": "[3.00-16.el4]\n- Resolves: #442388, CVE-2008-1693", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "ELSA-2008-0240", "href": "http://linux.oracle.com/errata/ELSA-2008-0240.html", "title": "xpdf security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:40:25", "bulletinFamily": "unix", "description": "[0.5.4-4.4]\n- Add CVE-2008-1693.patch (#442392).", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "ELSA-2008-0239", "href": "http://linux.oracle.com/errata/ELSA-2008-0239.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:46", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0239\n\n\nPoppler is a PDF rendering library, used by applications such as Evince.\r\n\r\nKees Cook discovered a flaw in the way poppler displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause applications that use poppler -- such as Evince -- to crash,\r\nor, potentially, execute arbitrary code when opened. (CVE-2008-1693)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014856.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014857.html\n\n**Affected packages:**\npoppler\npoppler-devel\npoppler-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0239.html", "modified": "2008-04-21T15:50:27", "published": "2008-04-21T15:50:27", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/014856.html", "id": "CESA-2008:0239", "title": "poppler security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:45:45", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0262\n\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way gpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file that\nwould cause gpdf to crash, or, potentially, execute arbitrary code when\nopened. (CVE-2008-1693)\n\nUsers of gpdf are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014884.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014885.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014893.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-May/014897.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0262.html", "modified": "2008-05-11T09:07:34", "published": "2008-05-08T17:30:54", "href": "http://lists.centos.org/pipermail/centos-announce/2008-May/014884.html", "id": "CESA-2008:0262", "title": "gpdf security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:44:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0238\n\n\nThe kdegraphics packages contain applications for the K Desktop\r\nEnvironment, including kpdf, a PDF file viewer.\r\n\r\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause kpdf to crash, or, potentially, execute arbitrary code when\r\nopened. (CVE-2008-1693)\r\n\r\nAll kdegraphics users are advised to upgrade to these updated packages,\r\nwhich contain backported patches to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014844.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014845.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014864.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014872.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0238.html", "modified": "2008-04-23T15:18:16", "published": "2008-04-20T14:15:40", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/014844.html", "id": "CESA-2008:0238", "title": "kdegraphics security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:45", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0240\n\n\nXpdf is an X Window System-based viewer for Portable Document Format (PDF)\r\nfiles.\r\n\r\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause xpdf to crash, or, potentially, execute arbitrary code when\r\nopened. (CVE-2008-1693)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014846.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014847.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014865.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-April/014873.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0240.html", "modified": "2008-04-23T15:19:01", "published": "2008-04-20T14:17:25", "href": "http://lists.centos.org/pipermail/centos-announce/2008-April/014846.html", "id": "CESA-2008:0240", "title": "xpdf security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:54", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1548-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nApril 17, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xpdf\nVulnerability : multiple\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-1693\n\nKees Cook discovered a vulnerability in xpdf, set set of tools for\ndisplay and conversion of Portable Document Format (PDF) files. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblem:\n\nCVE-2008-1693\n\n Xpdf's handling of embedded fonts lacks sufficient validation\n and type checking. If a maliciously-crafted PDF file is opened, \n the vulnerability may allow the execution of arbitrary code with\n the privileges of the user running xpdf.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 3.01-9.1+etch3.\n\nFor the unstable distribution (sid), these problems were fixed in\nversion 3.02-1.2.\n\nWe recommend that you upgrade your xpdf package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, powerpc, s390.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.dsc\n Size/MD5 checksum: 974 b5ae1ed7abc02a808b97f9e8b1c08e6d\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz\n Size/MD5 checksum: 39829 8b0fe2c7568c3f82d6b3d5d4742b52d9\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz\n Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4_all.deb\n Size/MD5 checksum: 1274 e7fcf339747f547b7519cbd1df2f9338\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch4_all.deb\n Size/MD5 checksum: 61358 7a76c4dc0a5eeb0b71fbc2807fc8ad21\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_alpha.deb\n Size/MD5 checksum: 915780 40c67cd9c1b54b2f61e783df57b9f1b0\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_alpha.deb\n Size/MD5 checksum: 1675464 0ec4308b0a7a6a9281b436b536c2b4a4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_amd64.deb\n Size/MD5 checksum: 1480468 cc550f3994bdab8fd1534d0c00111723\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_amd64.deb\n Size/MD5 checksum: 804240 cca7233b1fe75ed2772af5d2f8e6d49d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_arm.deb\n Size/MD5 checksum: 1458046 46b5a1a1503ad522b310ecbb8ce64bcc\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_arm.deb\n Size/MD5 checksum: 799814 97e080dec03c0393d8fee63e1a005f1d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_hppa.deb\n Size/MD5 checksum: 1765316 5c465e20d6a5b285da773eda66c7497c\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_hppa.deb\n Size/MD5 checksum: 959886 5a5192fc84768372b5370464d646bc64\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_i386.deb\n Size/MD5 checksum: 793560 5c6a968f356623a7db8c1b88e8ef40c4\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_i386.deb\n Size/MD5 checksum: 1450746 701944ba02dbe4dd852bd22bb0ca3ab2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_ia64.deb\n Size/MD5 checksum: 1212440 256c451d95495fa2689d1cca4c98e7e5\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_ia64.deb\n Size/MD5 checksum: 2203266 f73f1d87341e34c9f405c2c75b6f459d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_mips.deb\n Size/MD5 checksum: 1730844 fbc5b43b2558c59e6a2d6630d1371a88\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_mips.deb\n Size/MD5 checksum: 954942 e0decffa31ae494958afecb231abee9f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_powerpc.deb\n Size/MD5 checksum: 845404 543e7f16a393736880f2d3eafae8c26f\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_powerpc.deb\n Size/MD5 checksum: 1546580 61e23c448d7a81c80ee9f75bff993e80\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_s390.deb\n Size/MD5 checksum: 1390938 0823e7675a54c9991880b5e057d079da\n http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_s390.deb\n Size/MD5 checksum: 763906 0c891488a3bf7595c20a8063cdc9feca\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-04-17T17:08:50", "published": "2008-04-17T17:08:50", "id": "DEBIAN:DSA-1548-1:7E7DE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00119.html", "title": "[SECURITY] [DSA 1548-1] New xpdf packages fix arbitrary code exitution", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-06T11:39:17", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065811", "id": "OPENVAS:136141256231065811", "type": "openvas", "title": "SLES10: Security update for CUPS", "sourceData": "#\n#VID slesp2-cups-5296\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65811\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1693\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.44\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.44\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.44\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.44\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:49", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65997", "id": "OPENVAS:65997", "title": "SLES10: Security update for poppler", "type": "openvas", "sourceData": "#\n#VID slesp1-poppler-5186\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for poppler\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65997);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1693\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for poppler\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.4.4~19.18\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.4.4~19.18\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.4.4~19.18\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:43", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027742 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65443", "id": "OPENVAS:65443", "title": "SLES9: Security update for cups", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5027742.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for cups\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027742 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65443);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1693\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for cups\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.52\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:24", "bulletinFamily": "scanner", "description": "Check for the Version of koffice", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830514", "id": "OPENVAS:1361412562310830514", "type": "openvas", "title": "Mandriva Update for koffice MDVSA-2008:197-1 (koffice)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for koffice MDVSA-2008:197-1 (koffice)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kees Cook of Ubuntu security found a flaw in how poppler prior\n to version 0.6 displayed malformed fonts embedded in PDF files.\n An attacker could create a malicious PDF file that would cause\n applications using poppler to crash, or possibly execute arbitrary\n code when opened (CVE-2008-1693).\n\n This vulnerability also affected KOffice, so the updated packages\n have been patched to correct this issue.\n \n Update:\n \n A file conflicts existed between one of the library packages and\n the koffice-devel package which prevented successful upgrades if\n koffice-devel was previously installed. This update removes the\n conflicting file from koffice-devel.\";\n\ntag_affected = \"koffice on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00025.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830514\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:197-1\");\n script_cve_id(\"CVE-2008-1693\");\n script_name( \"Mandriva Update for koffice MDVSA-2008:197-1 (koffice)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of koffice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-common\", rpm:\"koffice-common~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-karbon\", rpm:\"koffice-karbon~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kchart\", rpm:\"koffice-kchart~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kexi\", rpm:\"koffice-kexi~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kformula\", rpm:\"koffice-kformula~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kivio\", rpm:\"koffice-kivio~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-koshell\", rpm:\"koffice-koshell~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kplato\", rpm:\"koffice-kplato~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kpresenter\", rpm:\"koffice-kpresenter~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-krita\", rpm:\"koffice-krita~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kspread\", rpm:\"koffice-kspread~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kugar\", rpm:\"koffice-kugar~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kword\", rpm:\"koffice-kword~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-common\", rpm:\"libkoffice2-common~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-karbon\", rpm:\"libkoffice2-karbon~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kchart\", rpm:\"libkoffice2-kchart~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kexi\", rpm:\"libkoffice2-kexi~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kformula\", rpm:\"libkoffice2-kformula~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kivio\", rpm:\"libkoffice2-kivio~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter\", rpm:\"libkoffice2-kpresenter~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-krita\", rpm:\"libkoffice2-krita~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kspread\", rpm:\"libkoffice2-kspread~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kugar\", rpm:\"libkoffice2-kugar~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kword\", rpm:\"libkoffice2-kword~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-common\", rpm:\"lib64koffice2-common~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-karbon\", rpm:\"lib64koffice2-karbon~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kchart\", rpm:\"lib64koffice2-kchart~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kexi\", rpm:\"lib64koffice2-kexi~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kformula\", rpm:\"lib64koffice2-kformula~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kivio\", rpm:\"lib64koffice2-kivio~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter\", rpm:\"lib64koffice2-kpresenter~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-krita\", rpm:\"lib64koffice2-krita~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kspread\", rpm:\"lib64koffice2-kspread~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kugar\", rpm:\"lib64koffice2-kugar~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kword\", rpm:\"lib64koffice2-kword~1.6.3~19.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 1548-1.", "modified": "2017-07-07T00:00:00", "published": "2008-04-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60795", "id": "OPENVAS:60795", "title": "Debian Security Advisory DSA 1548-1 (xpdf)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1548_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1548-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kees Cook discovered a vulnerability in xpdf, set set of tools for\ndisplay and conversion of Portable Document Format (PDF) files. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblem:\n\nCVE-2008-1693\n\nXpdf's handling of embedded fonts lacks sufficient validation\nand type checking. If a maliciously-crafted PDF file is opened,\nthe vulnerability may allow the execution of arbitrary code with\nthe privileges of the user running xpdf.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 3.01-9.1+etch3.\n\nFor the unstable distribution (sid), these problems were fixed in\nversion 3.02-1.2.\n\nWe recommend that you upgrade your xpdf package.\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 1548-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201548-1\";\n\n\nif(description)\n{\n script_id(60795);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2008-1693\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1548-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.01-9.1+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.01-9.1+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.01-9.1+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.01-9.1+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:39", "bulletinFamily": "scanner", "description": "Check for the Version of xpdf", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880005", "id": "OPENVAS:1361412562310880005", "type": "openvas", "title": "CentOS Update for xpdf CESA-2008:0240 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2008:0240 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System-based viewer for Portable Document Format (PDF)\n files.\n\n Kees Cook discovered a flaw in the way xpdf displayed malformed fonts\n embedded in PDF files. An attacker could create a malicious PDF file that\n would cause xpdf to crash, or, potentially, execute arbitrary code when\n opened. (CVE-2008-1693)\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve this issue.\";\n\ntag_affected = \"xpdf on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-April/014846.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880005\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0240\");\n script_cve_id(\"CVE-2008-1693\");\n script_name( \"CentOS Update for xpdf CESA-2008:0240 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~16.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:16", "bulletinFamily": "scanner", "description": "Check for the Version of gpdf", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870054", "id": "OPENVAS:870054", "title": "RedHat Update for gpdf RHSA-2008:0262-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gpdf RHSA-2008:0262-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\n Kees Cook discovered a flaw in the way gpdf displayed malformed fonts\n embedded in PDF files. An attacker could create a malicious PDF file that\n would cause gpdf to crash, or, potentially, execute arbitrary code when\n opened. (CVE-2008-1693)\n \n Users of gpdf are advised to upgrade to this updated package, which\n contains a backported patch to resolve this issue.\";\n\ntag_affected = \"gpdf on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-May/msg00003.html\");\n script_id(870054);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0262-01\");\n script_cve_id(\"CVE-2008-1693\");\n script_name( \"RedHat Update for gpdf RHSA-2008:0262-01\");\n\n script_summary(\"Check for the Version of gpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-18.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60818", "id": "OPENVAS:60818", "title": "Gentoo Security Advisory GLSA 200804-18 (poppler)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Poppler does not handle fonts inside PDF files safely, allowing for\nexecution of arbitrary code.\";\ntag_solution = \"All Poppler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/poppler-0.6.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=216850\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-18.\";\n\n \n\nif(description)\n{\n script_id(60818);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1693\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200804-18 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/poppler\", unaffected: make_list(\"ge 0.6.3\"), vulnerable: make_list(\"lt 0.6.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:34", "bulletinFamily": "scanner", "description": "Check for the Version of poppler", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870056", "id": "OPENVAS:1361412562310870056", "type": "openvas", "title": "RedHat Update for poppler RHSA-2008:0239-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for poppler RHSA-2008:0239-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Poppler is a PDF rendering library, used by applications such as Evince.\n\n Kees Cook discovered a flaw in the way poppler displayed malformed fonts\n embedded in PDF files. An attacker could create a malicious PDF file that\n would cause applications that use poppler -- such as Evince -- to crash,\n or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve this issue.\";\n\ntag_affected = \"poppler on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-April/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870056\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0239-01\");\n script_cve_id(\"CVE-2008-1693\");\n script_name( \"RedHat Update for poppler RHSA-2008:0239-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.5.4~4.4.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:28", "bulletinFamily": "scanner", "description": "Check for the Version of koffice", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830617", "id": "OPENVAS:830617", "title": "Mandriva Update for koffice MDVSA-2008:197 (koffice)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for koffice MDVSA-2008:197 (koffice)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Kees Cook of Ubuntu security found a flaw in how poppler prior\n to version 0.6 displayed malformed fonts embedded in PDF files.\n An attacker could create a malicious PDF file that would cause\n applications using poppler to crash, or possibly execute arbitrary\n code when opened (CVE-2008-1693).\n\n This vulnerability also affected KOffice, so the updated packages\n have been patched to correct this issue.\";\n\ntag_affected = \"koffice on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00020.php\");\n script_id(830617);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:197\");\n script_cve_id(\"CVE-2008-1693\");\n script_name( \"Mandriva Update for koffice MDVSA-2008:197 (koffice)\");\n\n script_summary(\"Check for the Version of koffice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-karbon\", rpm:\"koffice-karbon~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kexi\", rpm:\"koffice-kexi~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kformula\", rpm:\"koffice-kformula~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kivio\", rpm:\"koffice-kivio~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-koshell\", rpm:\"koffice-koshell~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kplato\", rpm:\"koffice-kplato~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kpresenter\", rpm:\"koffice-kpresenter~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-krita\", rpm:\"koffice-krita~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kspread\", rpm:\"koffice-kspread~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kugar\", rpm:\"koffice-kugar~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kword\", rpm:\"koffice-kword~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-progs\", rpm:\"koffice-progs~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-karbon\", rpm:\"libkoffice2-karbon~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-karbon-devel\", rpm:\"libkoffice2-karbon-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kexi\", rpm:\"libkoffice2-kexi~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kexi-devel\", rpm:\"libkoffice2-kexi-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kformula\", rpm:\"libkoffice2-kformula~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kformula-devel\", rpm:\"libkoffice2-kformula-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kivio\", rpm:\"libkoffice2-kivio~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kivio-devel\", rpm:\"libkoffice2-kivio-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-koshell\", rpm:\"libkoffice2-koshell~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kplato\", rpm:\"libkoffice2-kplato~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter\", rpm:\"libkoffice2-kpresenter~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter-devel\", rpm:\"libkoffice2-kpresenter-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-krita\", rpm:\"libkoffice2-krita~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-krita-devel\", rpm:\"libkoffice2-krita-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kspread\", rpm:\"libkoffice2-kspread~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kspread-devel\", rpm:\"libkoffice2-kspread-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kugar\", rpm:\"libkoffice2-kugar~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kugar-devel\", rpm:\"libkoffice2-kugar-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kword\", rpm:\"libkoffice2-kword~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kword-devel\", rpm:\"libkoffice2-kword-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-progs\", rpm:\"libkoffice2-progs~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-progs-devel\", rpm:\"libkoffice2-progs-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-karbon\", rpm:\"lib64koffice2-karbon~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-karbon-devel\", rpm:\"lib64koffice2-karbon-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kexi\", rpm:\"lib64koffice2-kexi~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kexi-devel\", rpm:\"lib64koffice2-kexi-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kformula\", rpm:\"lib64koffice2-kformula~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kformula-devel\", rpm:\"lib64koffice2-kformula-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kivio\", rpm:\"lib64koffice2-kivio~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kivio-devel\", rpm:\"lib64koffice2-kivio-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-koshell\", rpm:\"lib64koffice2-koshell~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kplato\", rpm:\"lib64koffice2-kplato~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter\", rpm:\"lib64koffice2-kpresenter~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter-devel\", rpm:\"lib64koffice2-kpresenter-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-krita\", rpm:\"lib64koffice2-krita~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-krita-devel\", rpm:\"lib64koffice2-krita-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kspread\", rpm:\"lib64koffice2-kspread~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kspread-devel\", rpm:\"lib64koffice2-kspread-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kugar\", rpm:\"lib64koffice2-kugar~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kugar-devel\", rpm:\"lib64koffice2-kugar-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kword\", rpm:\"lib64koffice2-kword~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kword-devel\", rpm:\"lib64koffice2-kword-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-progs\", rpm:\"lib64koffice2-progs~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-progs-devel\", rpm:\"lib64koffice2-progs-devel~1.6.3~9.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-common\", rpm:\"koffice-common~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-devel\", rpm:\"koffice-devel~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-karbon\", rpm:\"koffice-karbon~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kchart\", rpm:\"koffice-kchart~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kexi\", rpm:\"koffice-kexi~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kformula\", rpm:\"koffice-kformula~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kivio\", rpm:\"koffice-kivio~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-koshell\", rpm:\"koffice-koshell~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kplato\", rpm:\"koffice-kplato~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kpresenter\", rpm:\"koffice-kpresenter~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-krita\", rpm:\"koffice-krita~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kspread\", rpm:\"koffice-kspread~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kugar\", rpm:\"koffice-kugar~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"koffice-kword\", rpm:\"koffice-kword~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-common\", rpm:\"libkoffice2-common~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-karbon\", rpm:\"libkoffice2-karbon~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kchart\", rpm:\"libkoffice2-kchart~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kexi\", rpm:\"libkoffice2-kexi~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kformula\", rpm:\"libkoffice2-kformula~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kivio\", rpm:\"libkoffice2-kivio~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter\", rpm:\"libkoffice2-kpresenter~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-krita\", rpm:\"libkoffice2-krita~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kspread\", rpm:\"libkoffice2-kspread~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kugar\", rpm:\"libkoffice2-kugar~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkoffice2-kword\", rpm:\"libkoffice2-kword~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-common\", rpm:\"lib64koffice2-common~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-karbon\", rpm:\"lib64koffice2-karbon~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kchart\", rpm:\"lib64koffice2-kchart~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kexi\", rpm:\"lib64koffice2-kexi~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kformula\", rpm:\"lib64koffice2-kformula~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kivio\", rpm:\"lib64koffice2-kivio~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter\", rpm:\"lib64koffice2-kpresenter~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-krita\", rpm:\"lib64koffice2-krita~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kspread\", rpm:\"lib64koffice2-kspread~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kugar\", rpm:\"lib64koffice2-kugar~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64koffice2-kword\", rpm:\"lib64koffice2-kword~1.6.3~19.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:55", "bulletinFamily": "scanner", "description": "An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way gpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n\nUsers of gpdf are advised to upgrade to this updated package, which contains a backported patch to resolve this issue.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0262.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32163", "published": "2008-05-09T00:00:00", "title": "RHEL 4 : gpdf (RHSA-2008:0262)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0262. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32163);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"RHSA\", value:\"2008:0262\");\n\n script_name(english:\"RHEL 4 : gpdf (RHSA-2008:0262)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gpdf package that fixes a security issue is now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\ngpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way gpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause gpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\n\nUsers of gpdf are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0262\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0262\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gpdf-2.8.2-7.7.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpdf\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:52", "bulletinFamily": "scanner", "description": "Updated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment, including kpdf, a PDF file viewer.\n\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n\nAll kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0238.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32001", "published": "2008-04-22T00:00:00", "title": "CentOS 4 : kdegraphics (CESA-2008:0238)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0238 and \n# CentOS Errata and Security Advisory 2008:0238 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32001);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"RHSA\", value:\"2008:0238\");\n\n script_name(english:\"CentOS 4 : kdegraphics (CESA-2008:0238)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdegraphics packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including kpdf, a PDF file viewer.\n\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause kpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\n\nAll kdegraphics users are advised to upgrade to these updated\npackages, which contain backported patches to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?706e2a4b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10161044\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab55e27c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdegraphics-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kdegraphics-3.3.1-9.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdegraphics-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kdegraphics-devel-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kdegraphics-devel-3.3.1-9.c4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kdegraphics-devel-3.3.1-9.el4_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:05", "bulletinFamily": "scanner", "description": "Kees Cook discovered a flaw in the way kpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)", "modified": "2019-01-07T00:00:00", "id": "SL_20080417_KDEGRAPHICS_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60387", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kdegraphics on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60387);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-1693\");\n\n script_name(english:\"Scientific Linux Security Update : kdegraphics on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kees Cook discovered a flaw in the way kpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause kpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0804&L=scientific-linux-errata&T=0&P=1321\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46e08fc7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-devel-3.3.1-9.el4_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:52", "bulletinFamily": "scanner", "description": "Updated xpdf packages that fix a security issue are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause xpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0240.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32002", "published": "2008-04-22T00:00:00", "title": "CentOS 4 : xpdf (CESA-2008:0240)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0240 and \n# CentOS Errata and Security Advisory 2008:0240 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32002);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"RHSA\", value:\"2008:0240\");\n\n script_name(english:\"CentOS 4 : xpdf (CESA-2008:0240)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xpdf packages that fix a security issue are now available for\nRed Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause xpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?597879b0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014847.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8e0ccc1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-April/014865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a89e627\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"xpdf-3.00-16.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:54", "bulletinFamily": "scanner", "description": "Specially crafted PDF files with embedded fonts could potentially be abused to trick applications that process PDF files into executing arbitrary code (CVE-2008-1693).", "modified": "2014-06-13T00:00:00", "id": "SUSE_POPPLER-5190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32119", "published": "2008-05-01T00:00:00", "title": "openSUSE 10 Security Update : poppler (poppler-5190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update poppler-5190.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32119);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:48 $\");\n\n script_cve_id(\"CVE-2008-1693\");\n\n script_name(english:\"openSUSE 10 Security Update : poppler (poppler-5190)\");\n script_summary(english:\"Check for the poppler-5190 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files with embedded fonts could potentially be\nabused to trick applications that process PDF files into executing\narbitrary code (CVE-2008-1693).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-qt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:poppler-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-0.4.4-19.18\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-devel-0.4.4-19.18\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-glib-0.4.4-19.18\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"poppler-qt-0.4.4-19.18\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-0.5.4-33.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-devel-0.5.4-33.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-glib-0.5.4-33.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-qt-0.5.4-33.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"poppler-tools-0.5.4-33.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-0.5.4-101.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-devel-0.5.4-101.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-glib-0.5.4-101.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-qt-0.5.4-101.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-qt4-0.5.4-101.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"poppler-tools-0.5.4-101.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-devel / poppler-glib / poppler-qt / poppler-tools / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:54", "bulletinFamily": "scanner", "description": "Security update: xpdf embedded font vulnerability - CVE-2008-1693 (#441722) (backport patch used in upstream poppler-0.6.2 and later)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2008-3312.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32089", "published": "2008-05-01T00:00:00", "title": "Fedora 7 : poppler-0.5.4-9.fc7 (2008-3312)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32089);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:39 $\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"FEDORA\", value:\"2008-3312\");\n\n script_name(english:\"Fedora 7 : poppler-0.5.4-9.fc7 (2008-3312)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update: xpdf embedded font vulnerability - CVE-2008-1693\n(#441722) (backport patch used in upstream poppler-0.6.2 and later)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=441722\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009547.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b55bfe55\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"poppler-0.5.4-9.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:54", "bulletinFamily": "scanner", "description": "Specially crafted PDF files with embedded fonts could potentially be abused to trick applications that process PDF files into executing arbitrary code. (CVE-2008-1693)", "modified": "2012-05-17T00:00:00", "id": "SUSE_POPPLER-5186.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32118", "published": "2008-05-01T00:00:00", "title": "SuSE 10 Security Update : poppler (ZYPP Patch Number 5186)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32118);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2008-1693\");\n\n script_name(english:\"SuSE 10 Security Update : poppler (ZYPP Patch Number 5186)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files with embedded fonts could potentially be\nabused to trick applications that process PDF files into executing\narbitrary code. (CVE-2008-1693)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1693.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5186.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"poppler-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"poppler-devel-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"poppler-glib-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"poppler-qt-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"poppler-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"poppler-glib-0.4.4-19.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"poppler-qt-0.4.4-19.18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:17", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0238 :\n\nUpdated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment, including kpdf, a PDF file viewer.\n\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n\nAll kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2008-0238.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67686", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : kdegraphics (ELSA-2008-0238)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0238 and \n# Oracle Linux Security Advisory ELSA-2008-0238 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67686);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"RHSA\", value:\"2008:0238\");\n\n script_name(english:\"Oracle Linux 4 : kdegraphics (ELSA-2008-0238)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0238 :\n\nUpdated kdegraphics packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including kpdf, a PDF file viewer.\n\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause kpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\n\nAll kdegraphics users are advised to upgrade to these updated\npackages, which contain backported patches to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-April/000576.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kdegraphics-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kdegraphics-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kdegraphics-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kdegraphics-devel-3.3.1-9.el4_6\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kdegraphics-devel-3.3.1-9.el4_6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdegraphics / kdegraphics-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:52", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200804-18 (Poppler: User-assisted execution of arbitrary code)\n\n Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted PDF file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "id": "GENTOO_GLSA-200804-18.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32011", "published": "2008-04-22T00:00:00", "title": "GLSA-200804-18 : Poppler: User-assisted execution of arbitrary code", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32011);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_xref(name:\"GLSA\", value:\"200804-18\");\n\n script_name(english:\"GLSA-200804-18 : Poppler: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-18\n(Poppler: User-assisted execution of arbitrary code)\n\n Kees Cook from the Ubuntu Security Team reported that the\n CairoFont::create() function in the file CairoFontEngine.cc does not\n verify the type of an embedded font object inside a PDF file before\n dereferencing a function pointer from it.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted PDF\n file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview,\n or Evince, potentially resulting in the execution of arbitrary code\n with the privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Poppler users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/poppler-0.6.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/poppler\", unaffected:make_list(\"ge 0.6.3\"), vulnerable:make_list(\"lt 0.6.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:53", "bulletinFamily": "scanner", "description": "Updated xpdf packages that fix a security issue are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause xpdf to crash, or, potentially, execute arbitrary code when opened. (CVE-2008-1693)\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0240.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32022", "published": "2008-04-22T00:00:00", "title": "RHEL 4 : xpdf (RHSA-2008:0240)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0240. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32022);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-1693\");\n script_bugtraq_id(28830);\n script_xref(name:\"RHSA\", value:\"2008:0240\");\n\n script_name(english:\"RHEL 4 : xpdf (RHSA-2008:0240)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xpdf packages that fix a security issue are now available for\nRed Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nXpdf is an X Window System-based viewer for Portable Document Format\n(PDF) files.\n\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file\nthat would cause xpdf to crash, or, potentially, execute arbitrary\ncode when opened. (CVE-2008-1693)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0240\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0240\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"xpdf-3.00-16.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200804-18:02\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Poppler: User-assisted execution of arbitrary code\r\n Date: April 17, 2008\r\n Updated: April 17, 2008\r\n Bugs: #216850\r\n ID: 200804-18:02\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nPoppler does not handle fonts inside PDF files safely, allowing for\r\nexecution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nPoppler is a cross-platform PDF rendering library originally based on\r\nXpdf.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 app-text/poppler < 0.6.3 >= 0.6.3\r\n\r\nDescription\r\n===========\r\n\r\nKees Cook from the Ubuntu Security Team reported that the\r\nCairoFont::create() function in the file CairoFontEngine.cc does not\r\nverify the type of an embedded font object inside a PDF file before\r\ndereferencing a function pointer from it.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could entice a user to open a specially crafted PDF\r\nfile with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview,\r\nor Evince, potentially resulting in the execution of arbitrary code\r\nwith the privileges of the user running the application.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Poppler users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.3"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1693\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200804-18.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "SECURITYVULNS:DOC:19689", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19689", "title": "[ GLSA 200804-18 ] Poppler: User-assisted execution of arbitrary code", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "description": "User-controlled pointer dereference.", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "SECURITYVULNS:VULN:8923", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8923", "title": "XPDF / Poppler uninitialized pointer dereference", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "description": "### Background\n\nPoppler is a cross-platform PDF rendering library originally based on Xpdf. \n\n### Description\n\nKees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted PDF file with a Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Poppler users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/poppler-0.6.3\"", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "GLSA-200804-18", "href": "https://security.gentoo.org/glsa/200804-18", "type": "gentoo", "title": "Poppler: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:21", "bulletinFamily": "unix", "description": "Xpdf is an X Window System-based viewer for Portable Document Format (PDF)\r\nfiles.\r\n\r\nKees Cook discovered a flaw in the way xpdf displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause xpdf to crash, or, potentially, execute arbitrary code when\r\nopened. (CVE-2008-1693)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve this issue.", "modified": "2017-09-08T11:51:23", "published": "2008-04-17T04:00:00", "id": "RHSA-2008:0240", "href": "https://access.redhat.com/errata/RHSA-2008:0240", "type": "redhat", "title": "(RHSA-2008:0240) Important: xpdf security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:45:53", "bulletinFamily": "unix", "description": "gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.\n\nKees Cook discovered a flaw in the way gpdf displayed malformed fonts\nembedded in PDF files. An attacker could create a malicious PDF file that\nwould cause gpdf to crash, or, potentially, execute arbitrary code when\nopened. (CVE-2008-1693)\n\nUsers of gpdf are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue.", "modified": "2017-09-08T12:10:04", "published": "2008-05-08T04:00:00", "id": "RHSA-2008:0262", "href": "https://access.redhat.com/errata/RHSA-2008:0262", "type": "redhat", "title": "(RHSA-2008:0262) Important: gpdf security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:31", "bulletinFamily": "unix", "description": "The kdegraphics packages contain applications for the K Desktop\r\nEnvironment, including kpdf, a PDF file viewer.\r\n\r\nKees Cook discovered a flaw in the way kpdf displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause kpdf to crash, or, potentially, execute arbitrary code when\r\nopened. (CVE-2008-1693)\r\n\r\nAll kdegraphics users are advised to upgrade to these updated packages,\r\nwhich contain backported patches to resolve this issue.", "modified": "2017-09-08T11:50:59", "published": "2008-04-17T04:00:00", "id": "RHSA-2008:0238", "href": "https://access.redhat.com/errata/RHSA-2008:0238", "type": "redhat", "title": "(RHSA-2008:0238) Important: kdegraphics security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:31", "bulletinFamily": "unix", "description": "Poppler is a PDF rendering library, used by applications such as Evince.\r\n\r\nKees Cook discovered a flaw in the way poppler displayed malformed fonts\r\nembedded in PDF files. An attacker could create a malicious PDF file that\r\nwould cause applications that use poppler -- such as Evince -- to crash,\r\nor, potentially, execute arbitrary code when opened. (CVE-2008-1693)\r\n\r\nUsers are advised to upgrade to these updated packages, which contain\r\nbackported patches to resolve this issue.", "modified": "2017-09-08T12:09:31", "published": "2008-04-17T04:00:00", "id": "RHSA-2008:0239", "href": "https://access.redhat.com/errata/RHSA-2008:0239", "type": "redhat", "title": "(RHSA-2008:0239) Important: poppler security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:17", "bulletinFamily": "unix", "description": "It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "USN-603-1", "href": "https://usn.ubuntu.com/603-1/", "title": "poppler vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:01", "bulletinFamily": "unix", "description": "USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice.\n\nOriginal advisory details:\n\nIt was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "id": "USN-603-2", "href": "https://usn.ubuntu.com/603-2/", "title": "KOffice vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
