Lucene search
Copyright (c) 2011 Greenbone Networks GmbHOPENVAS:831342HistoryMar 07, 2011 - 12:00 a.m.
Mandriva Update for pango MDVSA-2011:040 (pango)
2011-03-0700:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
11
EPSS
0.075
Percentile
94.1%
Check for the Version of pango
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for pango MDVSA-2011:040 (pango)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "A vulnerability has been found and corrected in pango:
It was discovered that pango did not check for memory reallocation
failures in hb_buffer_ensure() function. This could trigger a NULL
pointer dereference in hb_buffer_add_glyph(), where possibly untrusted
input is used as an index used for accessing members of the incorrectly
reallocated array, resulting in the use of NULL address as the base
array address. This can result in application crash or, possibly,
code execution (CVE-2011-1002).
The updated packages have been patched to correct this issue.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "pango on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2011-03/msg00001.php");
script_id(831342);
script_version("$Revision: 6570 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name: "MDVSA", value: "2011:040");
script_cve_id("CVE-2011-1002");
script_name("Mandriva Update for pango MDVSA-2011:040 (pango)");
script_summary("Check for the Version of pango");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.28.0~1.2mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2010.0")
{
if ((res = isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pango", rpm:"pango~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.26.1~1.4mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:56:03
openvas
openvas
Debian: Security Advisory (DSA-2174-1)
2011-03-09 00:00:00
Oracle: Security Advisory (ELSA-2011-0436)
2015-10-06 00:00:00
Ubuntu Update for avahi vulnerability USN-1084-1
2011-03-15 00:00:00
nessus
nessus
Oracle Linux 5 : avahi (ELSA-2011-0436)
2013-07-12 00:00:00
CentOS 5 : avahi (CESA-2011:0436)
2011-04-15 00:00:00
RHEL 5 : avahi (RHSA-2011:0436)
2011-04-13 00:00:00
debian
debian
[SECURITY] [DSA 2174-1] avahi security update
2011-02-26 15:50:04
redhat
redhat
(RHSA-2011:0436) Moderate: avahi security update
2011-04-12 00:00:00
(RHSA-2011:0779) Moderate: avahi security and bug fix update
2011-05-19 00:00:00
oraclelinux
oraclelinux
avahi security update
2011-04-12 00:00:00
avahi security and bug fix update
2011-05-28 00:00:00
centos
centos
avahi security update
2011-04-14 13:41:55
ubuntu
ubuntu
avahi vulnerability
2011-03-07 00:00:00
freebsd
freebsd
avahi -- denial of service
2011-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: avahi-0.6.29-1.fc15
2011-03-14 05:41:32
[SECURITY] Fedora 14 Update: avahi-0.6.27-8.fc14
2011-09-10 00:26:18
nvd
nvd
CVE-2011-0634
2011-02-22 19:00:01
CVE-2011-1002
2011-02-22 19:00:02
securityvulns
securityvulns
Avahi DNS server DoS
2011-02-24 00:00:00
[ MDVSA-2011:037 ] avahi
2011-02-24 00:00:00
gentoo
gentoo
Avahi: Denial of service
2011-10-22 00:00:00
cvelist
cvelist
CVE-2011-1002
2011-02-22 18:00:00
cve
cve
CVE-2011-0634
2011-02-22 19:00:01
CVE-2011-1002
2011-02-22 19:00:02
prion
prion
Code injection
2011-02-22 19:00:00
debiancve
debiancve
CVE-2011-1002
2011-02-22 19:00:02
ubuntucve
ubuntucve
CVE-2011-1002
2011-02-22 00:00:00
osv
osv
avahi-0.6.32-2.3 on GA media
2024-06-15 00:00:00
nmap
nmap
broadcast-avahi-dos NSE Script
2011-05-02 23:38:18
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00