Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2011:146 First vendor Publication 2011-10-11
Vendor Mandriva Last vendor Modification 2011-10-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been discovered and corrected in cups:

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses (CVE-2010-2432).

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 (CVE-2011-2896).

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896 (CVE-2011-3170).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:146

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
25 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14612
 
Oval ID: oval:org.mitre.oval:def:14612
Title: USN-1191-1 -- libXfont vulnerability
Description: libxfont: X11 font rasterisation library libXfont could be made to run programs as an administrator if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1191-1
CVE-2011-2895
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14918
 
Oval ID: oval:org.mitre.oval:def:14918
Title: DSA-2293-1 libxfont -- buffer overflow
Description: Tomas Hoger found a buffer overflow in the X.Org libXfont library, which may allow for a local privilege escalation through crafted font files.
Family: unix Class: patch
Reference(s): DSA-2293-1
CVE-2011-2895
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): libxfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15027
 
Oval ID: oval:org.mitre.oval:def:15027
Title: USN-1207-1 -- CUPS vulnerabilities
Description: cups: Common UNIX Printing System - server - cupsys: Common UNIX Printing System - server An attacker could send crafted print jobs to CUPS and cause it to crash or run programs.
Family: unix Class: patch
Reference(s): USN-1207-1
CVE-2011-2896
CVE-2011-3170
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): CUPS
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15349
 
Oval ID: oval:org.mitre.oval:def:15349
Title: DSA-2354-1 cups -- several
Description: Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the Cups printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.
Family: unix Class: patch
Reference(s): DSA-2354-1
CVE-2011-2896
CVE-2011-3170
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15350
 
Oval ID: oval:org.mitre.oval:def:15350
Title: DSA-2426-1 gimp -- several
Description: Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program. CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Position field in a plugin configuration file. CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in in the GFIG plugin allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro plugin allows remote attackers to cause a denial of service or possibly execute arbitrary code via a PSP_COMP_RLE image file that begins a long run count at the end of the image. CVE-2011-1782 The correction for CVE-2010-4543 was incomplete. CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.
Family: unix Class: patch
Reference(s): DSA-2426-1
CVE-2010-4540
CVE-2010-4541
CVE-2010-4542
CVE-2010-4543
CVE-2011-1782
CVE-2011-2896
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): gimp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21028
 
Oval ID: oval:org.mitre.oval:def:21028
Title: USN-1214-1 -- gimp vulnerability
Description: GIMP could be made to run programs as your login if it opened a specially crafted GIF file.
Family: unix Class: patch
Reference(s): USN-1214-1
CVE-2011-2896
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Product(s): gimp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21320
 
Oval ID: oval:org.mitre.oval:def:21320
Title: RHSA-2012:0302: cups security and bug fix update (Low)
Description: The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Family: unix Class: patch
Reference(s): RHSA-2012:0302-03
CVE-2011-2896
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22062
 
Oval ID: oval:org.mitre.oval:def:22062
Title: RHSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): RHSA-2011:1154-01
CESA-2011:1154
CVE-2011-2895
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23080
 
Oval ID: oval:org.mitre.oval:def:23080
Title: ELSA-2012:0302: cups security and bug fix update (Low)
Description: The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Family: unix Class: patch
Reference(s): ELSA-2012:0302-03
CVE-2011-2896
Version: 6
Platform(s): Oracle Linux 5
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23366
 
Oval ID: oval:org.mitre.oval:def:23366
Title: DEPRECATED: ELSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): ELSA-2011:1154-01
CVE-2011-2895
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23404
 
Oval ID: oval:org.mitre.oval:def:23404
Title: ELSA-2011:1154: libXfont security update (Important)
Description: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Family: unix Class: patch
Reference(s): ELSA-2011:1154-01
CVE-2011-2895
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27046
 
Oval ID: oval:org.mitre.oval:def:27046
Title: RHSA-2011:1635 -- cups security and bug fix update (Low)
Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user. (CVE-2011-2896) These updated cups packages also provide fixes for the following bugs: * Previously CUPS was not correctly handling the language setting LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were not displaying any output when the LANG=en_US.ASCII environment variable was used. As a result of this update the problem is fixed and the expected output is now displayed. (BZ#681836) * Previously the scheduler did not check for empty values of several configuration directives. As a consequence it was possible for the CUPS daemon (cupsd) to crash when a configuration file contained certain empty values. With this update the problem is fixed and cupsd no longer crashes when reading such a configuration file. (BZ#706673) * Previously when printing to a raw print queue, when using certain printer models, CUPS was incorrectly sending SNMP queries. As a consequence there was a noticeable 4-second delay between queueing the job and the start of printing. With this update the problem is fixed and CUPS no longer tries to collect SNMP supply and status information for raw print queues. (BZ#709896) * Previously when using the BrowsePoll directive it could happen that the CUPS printer polling daemon (cups-polld) began polling before the network interfaces were set up after a system boot. CUPS was then caching the failed hostname lookup. As a consequence no printers were found and the error, "Host name lookup failure", was logged. With this update the code that re-initializes the resolver after failure in cups-polld is fixed and as a result CUPS will obtain the correct network settings to use in printer discovery. (BZ#712430) * The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the data file associated with the oldest completed job from the system in order to make room for a new print job. This bug has been fixed, and the jobs beyond the set limit are now properly purged. (BZ#735505) * The cups init script (/etc/rc.d/init.d/cups) uses the daemon function (from /etc/rc.d/init.d/functions) to start the cups process, but previously it did not source a configuration file from the /etc/sysconfig/ directory. As a consequence, it was difficult to cleanly set the nice level or cgroup for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables. With this update, the init script is fixed. (BZ#744791) All users of CUPS are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the cupsd daemon will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2011:1635
CVE-2011-2896
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27680
 
Oval ID: oval:org.mitre.oval:def:27680
Title: DEPRECATED: ELSA-2012-0302 -- cups security and bug fix update (low)
Description: [1:1.3.7-30] - Backported patch to fix transcoding for ASCII (bug #759081, STR #3832). [1:1.3.7-29] - The imageto* filters could crash with bad GIF files (CVE-2011-2896, STR #3867, STR #3914, bug #752118). [1:1.3.7-28] - Web interface didn't show completed jobs for printer (STR #3436, bug #625900) - Serial backend didn't allow a raw job to be canceled (STR #3649, bug #625955) - Fixed condition in textonly filter to create temporary file regardless of the number of copies specified. (bug #660518) [1:1.3.7-27] - Call avc_init() only once to not leak file descriptors (bug #668009).
Family: unix Class: patch
Reference(s): ELSA-2012-0302
CVE-2011-2896
Version: 4
Platform(s): Oracle Linux 5
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27729
 
Oval ID: oval:org.mitre.oval:def:27729
Title: DEPRECATED: ELSA-2012-0308 -- busybox security and bug fix update (low)
Description: [1:1.2.0-13] - Resolves: #768083 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options' [1:1.2.0-12] - Resolves: #756723 'Kdump fails after findfs subcommand of busybox fails' [1:1.2.0-11] - Resolves: #689659 ''busybox cp' does not return a correct exit code when 'No space left on device''
Family: unix Class: patch
Reference(s): ELSA-2012-0308
CVE-2011-2716
CVE-2006-1168
Version: 4
Platform(s): Oracle Linux 5
Product(s): busybox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27752
 
Oval ID: oval:org.mitre.oval:def:27752
Title: DEPRECATED: ELSA-2012-1181 -- gimp security update (moderate)
Description: [2:2.2.13-2.0.7.el5_8.5] - fix overflow in GIF loader (CVE-2012-3481) [2:2.2.13-2.0.7.el5_8.4] - fix overflows in PSD plugin (CVE-2009-3909, CVE-2012-3402) - fix heap corruption and overflow in GIF plug-in (CVE-2011-2896) - fix overflow in CEL plug-in (CVE-2012-3403)
Family: unix Class: patch
Reference(s): ELSA-2012-1181
CVE-2009-3909
CVE-2012-3402
CVE-2012-3403
CVE-2012-3481
CVE-2011-2896
Version: 4
Platform(s): Oracle Linux 5
Product(s): gimp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27773
 
Oval ID: oval:org.mitre.oval:def:27773
Title: DEPRECATED: ELSA-2012-0810 -- busybox security and bug fix update (low)
Description: [1:1.15.1-15] - Fix btrfs support to findfs and related applets - Resolves: #751927 [1:1.15.1-14] - Resolves: #790335 'busybox various flaws' Added a fix for SEGV on empty command in hush [1:1.15.1-13] - Resolves: #790335 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options' [1:1.15.1-12] - Backport 'set -o pipefail' support - Resolves: #782018 - Add btrfs support to findfs and related applets - Resolves: #751927
Family: unix Class: patch
Reference(s): ELSA-2012-0810
CVE-2011-2716
CVE-2006-1168
Version: 4
Platform(s): Oracle Linux 6
Product(s): busybox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27838
 
Oval ID: oval:org.mitre.oval:def:27838
Title: DEPRECATED: ELSA-2012-1180 -- gimp security update (moderate)
Description: [2:2.6.9-4.3] - fix overflow in GIF loader (#847303) [2:2.6.9-4.2] - fix overflows in GIF, CEL loaders (#727800, #839020)
Family: unix Class: patch
Reference(s): ELSA-2012-1180
CVE-2012-3403
CVE-2012-3481
CVE-2011-2896
Version: 4
Platform(s): Oracle Linux 6
Product(s): gimp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28007
 
Oval ID: oval:org.mitre.oval:def:28007
Title: ELSA-2011-1635 -- cups security and bug fix update (low)
Description: [1.4.2-44] - Init script should source /etc/sysconfig/cups (bug #744791) [1.4.2-43] - The scheduler might leave old job data files in the spool directory (STR #3795, STR #3880, bug #735505). [1.4.2-42] - A further fix for imageto* filters crashing with bad GIF files (STR #3914, bug #714118). [1.4.2-41] - The imageto* filters could crash with bad GIF files (STR #3867, bug #714118). [1.4.2-40] - Map ASCII to ISO-8859-1 in the transcoding code (STR #3832, bug #681836). - Check for empty values for some configuration directives (STR #3861, bug #706673). - The network backends no longer try to collect SNMP supply and status information for raw queues (STR #3809, bug #709896). - Handle EAI_NONAME when resolving hostnames (bug #712430).
Family: unix Class: patch
Reference(s): ELSA-2011-1635
CVE-2011-2896
Version: 3
Platform(s): Oracle Linux 6
Product(s): cups
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28127
 
Oval ID: oval:org.mitre.oval:def:28127
Title: DEPRECATED: ELSA-2011-1154 -- libXfont security update (important)
Description: [1.4.1-2] - cve-2011-2895.patch: LZW decompression heap corruption
Family: unix Class: patch
Reference(s): ELSA-2011-1154
CVE-2011-2895
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): libXfont
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9373
 
Oval ID: oval:org.mitre.oval:def:9373
Title: The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Description: The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1168
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 96
Application 1
Application 28
Application 1
Application 38
Application 21
Os 1
Os 1
Os 21

OpenVAS Exploits

Date Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-23 (gimp)
File : nvt/glsa_201209_23.nasl
2012-08-21 Name : RedHat Update for gimp RHSA-2012:1181-01
File : nvt/gb_RHSA-2012_1181-01_gimp.nasl
2012-08-21 Name : RedHat Update for gimp RHSA-2012:1180-01
File : nvt/gb_RHSA-2012_1180-01_gimp.nasl
2012-08-21 Name : CentOS Update for gimp CESA-2012:1181 centos5
File : nvt/gb_CESA-2012_1181_gimp_centos5.nasl
2012-08-21 Name : CentOS Update for gimp CESA-2012:1180 centos6
File : nvt/gb_CESA-2012_1180_gimp_centos6.nasl
2012-08-14 Name : Mandriva Update for busybox MDVSA-2012:129-1 (busybox)
File : nvt/gb_mandriva_MDVSA_2012_129_1.nasl
2012-08-14 Name : Mandriva Update for busybox MDVSA-2012:129 (busybox)
File : nvt/gb_mandriva_MDVSA_2012_129.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-10 (cups)
File : nvt/glsa_201207_10.nasl
2012-07-30 Name : CentOS Update for libXfont CESA-2011:1154 centos5 x86_64
File : nvt/gb_CESA-2011_1154_libXfont_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 x86_64
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for busybox CESA-2012:0810 centos6
File : nvt/gb_CESA-2012_0810_busybox_centos6.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1161 centos4 x86_64
File : nvt/gb_CESA-2011_1161_freetype_centos4_x86_64.nasl
2012-07-09 Name : RedHat Update for cups RHSA-2011:1635-03
File : nvt/gb_RHSA-2011_1635-03_cups.nasl
2012-06-22 Name : RedHat Update for busybox RHSA-2012:0810-04
File : nvt/gb_RHSA-2012_0810-04_busybox.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-04-02 Name : Fedora Update for pl FEDORA-2011-11229
File : nvt/gb_fedora_2011_11229_pl_fc16.nasl
2012-04-02 Name : Fedora Update for gimp FEDORA-2011-10761
File : nvt/gb_fedora_2011_10761_gimp_fc16.nasl
2012-04-02 Name : Fedora Update for cups FEDORA-2011-11173
File : nvt/gb_fedora_2011_11173_cups_fc16.nasl
2012-03-12 Name : Debian Security Advisory DSA 2426-1 (gimp)
File : nvt/deb_2426_1.nasl
2012-02-21 Name : RedHat Update for cups RHSA-2012:0302-03
File : nvt/gb_RHSA-2012_0302-03_cups.nasl
2012-02-21 Name : RedHat Update for busybox RHSA-2012:0308-03
File : nvt/gb_RHSA-2012_0308-03_busybox.nasl
2012-02-12 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD14.nasl
2012-02-11 Name : Debian Security Advisory DSA 2354-1 (cups)
File : nvt/deb_2354_1.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-11-08 Name : Mandriva Update for gimp MDVSA-2011:167 (gimp)
File : nvt/gb_mandriva_MDVSA_2011_167.nasl
2011-10-21 Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont)
File : nvt/gb_mandriva_MDVSA_2011_153.nasl
2011-10-16 Name : FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)
File : nvt/freebsdsa_compress.nasl
2011-10-14 Name : Mandriva Update for cups MDVSA-2011:146 (cups)
File : nvt/gb_mandriva_MDVSA_2011_146.nasl
2011-09-23 Name : Ubuntu Update for gimp USN-1214-1
File : nvt/gb_ubuntu_USN_1214_1.nasl
2011-09-23 Name : CentOS Update for libXfont CESA-2011:1154 centos5 i386
File : nvt/gb_CESA-2011_1154_libXfont_centos5_i386.nasl
2011-09-21 Name : FreeBSD Ports: libXfont
File : nvt/freebsd_libXfont.nasl
2011-09-21 Name : Debian Security Advisory DSA 2293-1 (libxfont)
File : nvt/deb_2293_1.nasl
2011-09-16 Name : Ubuntu Update for cups USN-1207-1
File : nvt/gb_ubuntu_USN_1207_1.nasl
2011-09-12 Name : Fedora Update for cups FEDORA-2011-11221
File : nvt/gb_fedora_2011_11221_cups_fc14.nasl
2011-09-12 Name : Fedora Update for pl FEDORA-2011-11305
File : nvt/gb_fedora_2011_11305_pl_fc15.nasl
2011-09-12 Name : Fedora Update for pl FEDORA-2011-11318
File : nvt/gb_fedora_2011_11318_pl_fc14.nasl
2011-08-31 Name : Fedora Update for cups FEDORA-2011-11197
File : nvt/gb_fedora_2011_11197_cups_fc15.nasl
2011-08-27 Name : Fedora Update for gimp FEDORA-2011-10782
File : nvt/gb_fedora_2011_10782_gimp_fc14.nasl
2011-08-24 Name : Fedora Update for gimp FEDORA-2011-10788
File : nvt/gb_fedora_2011_10788_gimp_fc15.nasl
2011-08-19 Name : CentOS Update for freetype CESA-2011:1161 centos4 i386
File : nvt/gb_CESA-2011_1161_freetype_centos4_i386.nasl
2011-08-18 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 i386
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_i386.nasl
2011-08-18 Name : Ubuntu Update for libxfont USN-1191-1
File : nvt/gb_ubuntu_USN_1191_1.nasl
2011-08-18 Name : RedHat Update for freetype RHSA-2011:1161-01
File : nvt/gb_RHSA-2011_1161-01_freetype.nasl
2011-08-12 Name : RedHat Update for libXfont RHSA-2011:1154-01
File : nvt/gb_RHSA-2011_1154-01_libXfont.nasl
2011-08-12 Name : RedHat Update for xorg-x11 RHSA-2011:1155-01
File : nvt/gb_RHSA-2011_1155-01_xorg-x11.nasl
2011-03-09 Name : Debian Security Advisory DSA 2176-1 (cups)
File : nvt/deb_2176_1.nasl
2010-06-21 Name : CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability
File : nvt/gb_cups_40943.nasl
2009-10-10 Name : SLES9: Security update for ncompress
File : nvt/sles9p5010157.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200610-03 (ncompress)
File : nvt/glsa_200610_03.nasl
2008-01-17 Name : Debian Security Advisory DSA 1149-1 (ncompress)
File : nvt/deb_1149_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74927 X.Org libXfont src/fontfile/decompress.c BufCompressedFill() Function LZW Dec...

74673 CUPS filter/image-gif.c gif_read_lzw Function Crafted LZW Stream Remote Overflow

74539 GIMP plug-ins/common/file-gif-load.c LZWReadByte() Function GIF File Handling...

65699 CUPS auth.c cupsDoAuthentication Function HTTP_UNAUTHORIZED Response Remote DoS

27868 ncompress decompress() Function Datastream Handling Overflow

Nessus® Vulnerability Scanner

Date Description
2016-10-13 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_9_1.nasl - Type : ACT_GATHER_INFO
2015-12-11 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-008.nasl - Type : ACT_GATHER_INFO
2015-12-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11_2.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3964.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3948.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3953.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_gimp-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_gimp-110916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2014-02-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201402-23.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-02.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-103.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0810.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0308.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0302.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0663.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1834.nasl - Type : ACT_GATHER_INFO
2012-09-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-23.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-129.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-147.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120820_gimp_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1180.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1181.nasl - Type : ACT_GATHER_INFO
2012-08-21 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120820_gimp_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120221_cups_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_busybox_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110811_libXfont_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110811_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110815_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111206_cups_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120221_busybox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0810.nasl - Type : ACT_GATHER_INFO
2012-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201207-10.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0810.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO
2012-03-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2426.nasl - Type : ACT_GATHER_INFO
2012-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0308.nasl - Type : ACT_GATHER_INFO
2012-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0302.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_fee94342463811e19f4700e0815b8da8.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cups-110921.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpciaccess0-110905.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cups-7775.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7872.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gimp-7776.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_gimp-110923.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xorg-x11-7759.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1635.nasl - Type : ACT_GATHER_INFO
2011-12-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2354.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-167.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cups-7774.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-153.nasl - Type : ACT_GATHER_INFO
2011-10-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-146.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1214-1.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1154.nasl - Type : ACT_GATHER_INFO
2011-09-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1207-1.nasl - Type : ACT_GATHER_INFO
2011-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11229.nasl - Type : ACT_GATHER_INFO
2011-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11221.nasl - Type : ACT_GATHER_INFO
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11318.nasl - Type : ACT_GATHER_INFO
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11305.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11173.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11197.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The remote print service is affected by a buffer overflow vulnerability.
File : cups_1_4_7.nasl - Type : ACT_GATHER_INFO
2011-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10761.nasl - Type : ACT_GATHER_INFO
2011-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10782.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2011-10788.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1161.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1191-1.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2293.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_304409c3c3ef11e08aa5485d60cb5385.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1155.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1154.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2176.nasl - Type : ACT_GATHER_INFO
2010-07-08 Name : The remote printer service is affected by multiple vulnerabilities.
File : cups_1_4_4.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ncompress-1911.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2006-140.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1149.nasl - Type : ACT_GATHER_INFO
2006-10-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200610-03.nasl - Type : ACT_GATHER_INFO
2006-09-14 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0663.nasl - Type : ACT_GATHER_INFO
2006-09-14 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0663.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:42:28
  • Multiple Updates