Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2011 Greenbone Networks GmbHOPENVAS:840602
HistoryMar 07, 2011 - 12:00 a.m.

Ubuntu Update for pango1.0 vulnerabilities USN-1082-1

2011-03-0700:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
17

0.186 Low

EPSS

Percentile

96.2%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-1082-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1082_1.nasl 7964 2017-12-01 07:32:11Z santu $
#
# Ubuntu Update for pango1.0 vulnerabilities USN-1082-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph
  Definition (GDEF) tables. If a user were tricked into displaying text with
  a specially-crafted font, an attacker could cause Pango to crash, resulting
  in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10.
  (CVE-2010-0421)

  Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap
  objects. If a user were tricked into displaying text with a specially-
  crafted font, an attacker could cause a denial of service or execute
  arbitrary code with privileges of the user invoking the program. The
  default compiler options for affected releases should reduce the
  vulnerability to a denial of service. (CVE-2011-0020)
  
  It was discovered that Pango incorrectly handled certain memory
  reallocation failures. If a user were tricked into displaying text in a way
  that would cause a reallocation failure, an attacker could cause a denial
  of service or execute arbitrary code with privileges of the user invoking
  the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.
  (CVE-2011-0064)";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-1082-1";
tag_affected = "pango1.0 vulnerabilities on Ubuntu 8.04 LTS ,
  Ubuntu 9.10 ,
  Ubuntu 10.04 LTS ,
  Ubuntu 10.10";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1082-1/");
  script_id(840602);
  script_version("$Revision: 7964 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_xref(name: "USN", value: "1082-1");
  script_cve_id("CVE-2010-0421", "CVE-2011-0020", "CVE-2011-0064");
  script_name("Ubuntu Update for pango1.0 vulnerabilities USN-1082-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU9.10")
{

  if ((res = isdpkgvuln(pkg:"libpango1.0-0-dbg", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-dev", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-common", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-doc", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-udeb", ver:"1.26.0-1ubuntu0.1", rls:"UBUNTU9.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.10")
{

  if ((res = isdpkgvuln(pkg:"gir1.0-pango-1.0", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0-dbg", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-dev", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-common", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-doc", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-udeb", ver:"1.28.2-0ubuntu1.1", rls:"UBUNTU10.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU10.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"gir1.0-pango-1.0", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0-dbg", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-dev", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-common", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-doc", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-udeb", ver:"1.28.0-0ubuntu2.2", rls:"UBUNTU10.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"libpango1.0-0-dbg", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-0", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-dev", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-common", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-doc", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"libpango1.0-udeb", ver:"1.20.5-0ubuntu1.2", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

openvas 28
nessus 27
ubuntu 1
gentoo 1
centos 2
debiancve 3
redhat 3
ubuntucve 3
fedora 1
oraclelinux 3
osv 1
cve 3
veracode 2
cvelist 3
nvd 3
debian 3
securityvulns 7
prion 3
rosalinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-1082-1)
2011-03-07 00:00:00
Gentoo Security Advisory GLSA 201405-13
2015-09-29 00:00:00
RedHat Update for pango RHSA-2011:0180-01
2011-01-31 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1)
2011-03-03 00:00:00
openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
2011-05-05 00:00:00
openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
2014-06-13 00:00:00
ubuntu
ubuntu
Pango vulnerabilities
2011-03-02 00:00:00
gentoo
gentoo
Pango: Multiple vulnerabilities
2014-05-17 00:00:00
centos
centos
evolution28 security update
2011-02-04 10:45:23
evolution28, pango security update
2010-03-16 13:01:20
debiancve
debiancve
CVE-2011-0020
2011-01-24 18:00:03
CVE-2011-0064
2011-03-07 21:00:01
CVE-2010-0421
2010-03-18 17:30:00
redhat
redhat
(RHSA-2011:0180) Moderate: pango security update
2011-01-27 00:00:00
(RHSA-2011:0309) Critical: pango security update
2011-03-01 00:00:00
(RHSA-2010:0140) Moderate: pango security update
2010-03-15 00:00:00
ubuntucve
ubuntucve
CVE-2011-0064
2011-03-01 00:00:00
CVE-2010-0421
2010-03-18 00:00:00
CVE-2011-0020
2011-01-24 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: pango-1.28.1-5.fc14
2011-03-16 19:54:59
oraclelinux
oraclelinux
pango security update
2010-03-15 00:00:00
pango security update
2011-03-01 00:00:00
pango security update
2011-01-27 00:00:00
osv
osv
pango1.0 - denial of service
2010-03-20 00:00:00
cve
cve
CVE-2010-0421
2010-03-18 17:30:00
CVE-2011-0064
2011-03-07 21:00:01
CVE-2011-0020
2011-01-24 18:00:03
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:49
Arbitrary Code Execution
2020-04-10 00:59:27
cvelist
cvelist
CVE-2010-0421
2010-03-18 17:12:00
CVE-2011-0064
2011-03-07 20:00:00
CVE-2011-0020
2011-01-24 17:00:00
nvd
nvd
CVE-2011-0064
2011-03-07 21:00:01
CVE-2010-0421
2010-03-18 17:30:00
CVE-2011-0020
2011-01-24 18:00:03
debian
debian
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-02 20:10:55
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:41:28
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:41:28
securityvulns
securityvulns
Pango library NULL pointer dereference
2011-03-03 00:00:00
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-03 00:00:00
pango / libpango buffer overflow
2011-02-04 00:00:00
prion
prion
Null pointer dereference
2011-03-07 21:00:00
Design/Logic Flaw
2010-03-18 17:30:00
Heap overflow
2011-01-24 18:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38

0.186 Low

EPSS

Percentile

96.2%

JSON
Related for OPENVAS:840602
openvas28nessus27ubuntu1gentoo1centos2debiancve3redhat3ubuntucve3fedora1oraclelinux3osv1cve3veracode2cvelist3nvd3debian3securityvulns7prion3rosalinux1