Vulnerabilities > CVE-2013-6425 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-272.NASL description An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) last seen 2020-06-01 modified 2020-06-02 plugin id 72290 published 2014-02-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72290 title Amazon Linux AMI : pixman (ALAS-2014-272) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-272. # include("compat.inc"); if (description) { script_id(72290); script_version("1.4"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2013-6425"); script_xref(name:"ALAS", value:"2014-272"); script_xref(name:"RHSA", value:"2013:1869"); script_name(english:"Amazon Linux AMI : pixman (ALAS-2014-272)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-272.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update pixman' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:pixman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:pixman-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:pixman-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"pixman-0.26.2-5.10.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"pixman-debuginfo-0.26.2-5.10.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"pixman-devel-0.26.2-5.10.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pixman / pixman-debuginfo / pixman-devel"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-9399.NASL description fix tests on big endians CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-30 plugin id 77441 published 2014-08-30 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77441 title Fedora 19 : pixman-0.30.0-5.fc19 (2014-9399) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-9399. # include("compat.inc"); if (description) { script_id(77441); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6425"); script_bugtraq_id(64122); script_xref(name:"FEDORA", value:"2014-9399"); script_name(english:"Fedora 19 : pixman-0.30.0-5.fc19 (2014-9399)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "fix tests on big endians CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1037975" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1043743" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137160.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b78a900d" ); script_set_attribute( attribute:"solution", value:"Update the affected pixman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pixman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"pixman-0.30.0-5.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pixman"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-9359.NASL description fix tests on big endians CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-16 plugin id 77227 published 2014-08-16 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77227 title Fedora 20 : pixman-0.30.0-5.fc20 (2014-9359) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-9359. # include("compat.inc"); if (description) { script_id(77227); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6425"); script_bugtraq_id(64122); script_xref(name:"FEDORA", value:"2014-9359"); script_name(english:"Fedora 20 : pixman-0.30.0-5.fc20 (2014-9359)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "fix tests on big endians CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1037975" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1043743" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136750.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?061dc70c" ); script_set_attribute( attribute:"solution", value:"Update the affected pixman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pixman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"pixman-0.30.0-5.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pixman"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-9063.NASL description CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-08-08 plugin id 77070 published 2014-08-08 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77070 title Fedora 20 : pixman-0.30.0-4.fc20 (2014-9063) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-9063. # include("compat.inc"); if (description) { script_id(77070); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6425"); script_bugtraq_id(64122); script_xref(name:"FEDORA", value:"2014-9063"); script_name(english:"Fedora 20 : pixman-0.30.0-4.fc20 (2014-9063)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2013-6425, added patches from https://bugzilla.redhat.com/show_bug.cgi?id=1043743 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1037975" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1043743" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136329.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34ca621e" ); script_set_attribute( attribute:"solution", value:"Update the affected pixman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pixman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"pixman-0.30.0-4.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pixman"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0041.NASL description An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78994 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78994 title RHEL 6 : rhev-hypervisor6 (RHSA-2014:0041) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0041. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(78994); script_version("1.8"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4353", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-6449"); script_bugtraq_id(63737, 63738, 64530, 64691); script_xref(name:"RHSA", value:"2014:0041"); script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0041)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues." ); # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0041" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5606" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6449" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4353" ); script_set_attribute( attribute:"solution", value:"Update the affected rhev-hypervisor6 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0041"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140112.0.el6ev")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6"); } }NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPIXMAN-1-0-131220.NASL description This update fixes the following security issue with pixman : - Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) last seen 2020-06-05 modified 2014-01-07 plugin id 71834 published 2014-01-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71834 title SuSE 11.3 Security Update : pixman (SAT Patch Number 8697) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(71834); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-6425"); script_name(english:"SuSE 11.3 Security Update : pixman (SAT Patch Number 8697)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issue with pixman : - Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853824" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6425.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8697."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpixman-1-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpixman-1-0-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpixman-1-0-0.24.4-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpixman-1-0-0.24.4-0.15.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpixman-1-0-32bit-0.24.4-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libpixman-1-0-0.24.4-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libpixman-1-0-32bit-0.24.4-0.15.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libpixman-1-0-32bit-0.24.4-0.15.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-7.NASL description - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.pa tch for bnc#853824. Fixes an integer underflow bug which can cause a crash. last seen 2020-06-05 modified 2014-06-13 plugin id 75406 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75406 title openSUSE Security Update : pixman (openSUSE-SU-2014:0014-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1869.NASL description From Red Hat Security Advisory 2013:1869 : Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71611 published 2013-12-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71611 title Oracle Linux 6 : pixman (ELSA-2013-1869) NASL family Scientific Linux Local Security Checks NASL id SL_20131220_PIXMAN_ON_SL5_X.NASL description An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) All applications using pixman must be restarted for this update to take effect. last seen 2020-03-18 modified 2013-12-24 plugin id 71630 published 2013-12-24 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71630 title Scientific Linux Security Update : pixman on SL5.x, SL6.x i386/x86_64 (20131220) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201402-03.NASL description The remote host is affected by the vulnerability described in GLSA-201402-03 (Pixman: User-assisted execution of arbitrary code) The trapezoid handling code in Pixman contains an integer underflow vulnerability. Impact : A context-dependent attacker could entice a user to open a specially crafted file using an application linked against Pixman, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72256 published 2014-02-03 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72256 title GLSA-201402-03 : Pixman: User-assisted execution of arbitrary code NASL family Fedora Local Security Checks NASL id FEDORA_2014-6829.NASL description Fix CVE-2013-6425 (RHBZ #1043744) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-06-10 plugin id 74393 published 2014-06-10 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74393 title Fedora 19 : mingw-pixman-0.30.0-4.fc19 (2014-6829) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1869.NASL description Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71584 published 2013-12-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71584 title CentOS 5 / 6 : pixman (CESA-2013:1869) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBPIXMAN-1-0-131221.NASL description This update fixes the following security issue with pixman : - Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) last seen 2020-06-05 modified 2014-01-07 plugin id 71835 published 2014-01-07 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71835 title SuSE 11.2 Security Update : pixman (SAT Patch Number 8701) NASL family Fedora Local Security Checks NASL id FEDORA_2014-6825.NASL description Fix CVE-2013-6425 (RHBZ #1043744) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-06-10 plugin id 74391 published 2014-06-10 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74391 title Fedora 20 : mingw-pixman-0.30.0-5.fc20 (2014-6825) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-6.NASL description - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.pa tch for bnc#853824. Fixes an integer underflow bug which can cause a crash. last seen 2020-06-05 modified 2014-06-13 plugin id 75400 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75400 title openSUSE Security Update : pixman (openSUSE-SU-2014:0007-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1869.NASL description Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-6425) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71613 published 2013-12-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71613 title RHEL 5 / 6 : pixman (RHSA-2013:1869) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-5.NASL description - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.pa tch for bnc#853824. Fixes an integer underflow bug which can cause a crash. last seen 2020-06-05 modified 2014-06-13 plugin id 75396 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75396 title openSUSE Security Update : pixman (openSUSE-SU-2014:0011-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2823.NASL description Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code. last seen 2020-03-17 modified 2013-12-19 plugin id 71528 published 2013-12-19 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71528 title Debian DSA-2823-1 : pixman - integer underflow NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-302.NASL description Updated pixman package fixes security vulnerability : Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash (CVE-2013-6425). last seen 2020-06-01 modified 2020-06-02 plugin id 71609 published 2013-12-23 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71609 title Mandriva Linux Security Advisory : pixman (MDVSA-2013:302)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://www.openwall.com/lists/oss-security/2013/12/03/8
- http://www.openwall.com/lists/oss-security/2013/12/04/8
- https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921
- https://bugs.freedesktop.org/show_bug.cgi?id=67484
- http://lists.freedesktop.org/archives/pixman/2013-November/003109.html
- http://www.ubuntu.com/usn/USN-2047-1
- http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
- http://www.debian.org/security/2013/dsa-2823
- http://rhn.redhat.com/errata/RHSA-2013-1869.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html