HistoryApr 28, 2009 - 12:00 a.m.

SuSE Security Advisory SUSE-SA:2009:026 (glib2)

The remote host is missing updates announced in
advisory SUSE-SA:2009:026.

tag_insight = "The advisory was resent because the previous one contained the wrong
Announcement ID.

The code library glib2 provides base64 encoding and decoding functions
that are vulnerable to integer overflows when processing very large strings.

Processes using this library functions for processing data from the network
can be exploited remotely to execute arbitrary code with the privileges of
the user running this process.";
tag_solution = "Update your system with the packages as indicated in
the referenced security advisory.";
tag_summary = "The remote host is missing updates announced in
advisory SUSE-SA:2009:026.";


 script_version("$Revision: 6668 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)");
 script_tag(name:"cvss_base", value:"4.6");
 script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
 script_name("SuSE Security Advisory SUSE-SA:2009:026 (glib2)");


 script_copyright("Copyright (c) 2009 E-Soft Inc.");
 script_family("SuSE Local Security Checks");
 script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");

# The script code starts here


res = "";
report = "";
if ((res = isrpmvuln(pkg:"glib2-debuginfo", rpm:"glib2-debuginfo~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-debugsource", rpm:"glib2-debugsource~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2", rpm:"glib2~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-branding-upstream", rpm:"glib2-branding-upstream~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-devel", rpm:"glib2-devel~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-doc", rpm:"glib2-doc~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-lang", rpm:"glib2-lang~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0", rpm:"libgio-2_0-0~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-fam", rpm:"libgio-fam~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0", rpm:"libglib-2_0-0~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0", rpm:"libgmodule-2_0-0~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0", rpm:"libgobject-2_0-0~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0", rpm:"libgthread-2_0-0~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-debuginfo", rpm:"glib2-debuginfo~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-debugsource", rpm:"glib2-debugsource~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2", rpm:"glib2~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-branding-upstream", rpm:"glib2-branding-upstream~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-devel", rpm:"glib2-devel~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-doc", rpm:"glib2-doc~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-lang", rpm:"glib2-lang~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0", rpm:"libgio-2_0-0~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-fam", rpm:"libgio-fam~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0", rpm:"libglib-2_0-0~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0", rpm:"libgmodule-2_0-0~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0", rpm:"libgobject-2_0-0~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0", rpm:"libgthread-2_0-0~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2", rpm:"glib2~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-devel", rpm:"glib2-devel~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-doc", rpm:"glib2-doc~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-lang", rpm:"glib2-lang~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-debuginfo-64bit", rpm:"glib2-debuginfo-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0-64bit", rpm:"libgio-2_0-0-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0-64bit", rpm:"libglib-2_0-0-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0-64bit", rpm:"libgmodule-2_0-0-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0-64bit", rpm:"libgobject-2_0-0-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0-64bit", rpm:"libgthread-2_0-0-64bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-devel-64bit", rpm:"glib2-devel-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0-64bit", rpm:"libgio-2_0-0-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0-64bit", rpm:"libglib-2_0-0-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0-64bit", rpm:"libgmodule-2_0-0-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0-64bit", rpm:"libgobject-2_0-0-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0-64bit", rpm:"libgthread-2_0-0-64bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-64bit", rpm:"glib2-64bit~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-devel-64bit", rpm:"glib2-devel-64bit~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-debuginfo-32bit", rpm:"glib2-debuginfo-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0-32bit", rpm:"libgio-2_0-0-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0-32bit", rpm:"libglib-2_0-0-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0-32bit", rpm:"libgmodule-2_0-0-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0-32bit", rpm:"libgobject-2_0-0-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0-32bit", rpm:"libgthread-2_0-0-32bit~2.18.2~5.2.1", rls:"openSUSE11.1")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgio-2_0-0-32bit", rpm:"libgio-2_0-0-32bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libglib-2_0-0-32bit", rpm:"libglib-2_0-0-32bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgmodule-2_0-0-32bit", rpm:"libgmodule-2_0-0-32bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgobject-2_0-0-32bit", rpm:"libgobject-2_0-0-32bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"libgthread-2_0-0-32bit", rpm:"libgthread-2_0-0-32bit~2.16.3~20.6", rls:"openSUSE11.0")) != NULL) {
    report += res;
if ((res = isrpmvuln(pkg:"glib2-32bit", rpm:"glib2-32bit~2.14.1~4.4", rls:"openSUSE10.3")) != NULL) {
    report += res;

if (report != "") {
} else if (__pkg_match) {
    exit(99); # Not vulnerable.