ID: CVE-2011-3922
Type: cve
Reporter: cve@mitre.org
Modified: 2017-09-19T01:34:00
Description
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
{"suse": [{"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "description": "A stack-based buffer overflow in the glyph handling of\n libqt4's harfbuzz has been fixed. CVE-2011-3922 has been\n assigned to this issue.\n\n", "modified": "2012-01-19T03:08:15", "published": "2012-01-19T03:08:15", "id": "OPENSUSE-SU-2012:0091-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00045.html", "type": "suse", "title": "libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922) (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "description": "A stack-based buffer overflow in the glyph handling of\n libqt4's harfbuzz has been fixed. CVE-2011-3922 has been\n assigned to this issue.\n\n Security Issuereference:\n\n * CVE-2011-3922\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3922\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3922</a>\n >\n\n", "modified": "2012-01-19T05:08:18", "published": "2012-01-19T05:08:18", "id": "SUSE-SU-2012:0097-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00046.html", "title": "Security update for libqt4 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-10-19T00:00:00", "id": "OPENVAS:1361412562310864792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864792", "title": "Fedora Update for qt FEDORA-2012-15203", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-15203\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090122.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864792\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:46:40 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-15203\");\n script_name(\"Fedora Update for qt FEDORA-2012-15203\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"qt on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.2~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863987", "title": "Fedora Update for qt FEDORA-2012-0523", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-0523\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072234.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863987\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:49:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-0523\");\n script_name(\"Fedora Update for qt FEDORA-2012-0523\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"qt on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", 
rpm:\"qt~4.8.0~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:33", "bulletinFamily": "scanner", "description": "Check for the Version of qt", "modified": "2017-12-28T00:00:00", "published": "2012-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864792", "id": "OPENVAS:864792", "title": "Fedora Update for qt FEDORA-2012-15203", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-15203\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\ntag_affected = \"qt on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090122.html\");\n script_id(864792);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:46:40 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-15203\");\n script_name(\"Fedora Update for qt FEDORA-2012-15203\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.2~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-02-01T00:00:00", "id": "OPENVAS:1361412562310863710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863710", "title": "Fedora Update for qt FEDORA-2011-17565", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2011-17565\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072563.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863710\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:33:49 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-17565\");\n script_name(\"Fedora Update for qt FEDORA-2011-17565\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"qt on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", 
rpm:\"qt~4.7.4~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:57:41", "bulletinFamily": "scanner", "description": "Check for the Version of libqt4", "modified": "2018-01-02T00:00:00", "published": "2012-08-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850178", "id": "OPENVAS:850178", "title": "SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0091_1.nasl 8267 2018-01-02 06:29:17Z teissa $\n#\n# SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libqt4 on openSUSE 11.4, openSUSE 11.3\";\ntag_insight = \"A stack-based buffer overflow in the glyph handling of\n libqt4's harfbuzz has been fixed. 
CVE-2011-3922 has been\n assigned to this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850178);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:16:33 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0091_1\");\n script_name(\"SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libqt4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4-32bit\", rpm:\"libQtWebKit4-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-32bit\", rpm:\"libqt4-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support-32bit\", rpm:\"libqt4-qt3support-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-32bit\", rpm:\"libqt4-sql-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite-32bit\", rpm:\"libqt4-sql-sqlite-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11-32bit\", rpm:\"libqt4-x11-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if 
((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4-32bit\", rpm:\"libQtWebKit4-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-32bit\", rpm:\"libqt4-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support-32bit\", rpm:\"libqt4-qt3support-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-32bit\", rpm:\"libqt4-sql-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libqt4-sql-sqlite-32bit\", rpm:\"libqt4-sql-sqlite-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11-32bit\", rpm:\"libqt4-x11-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-02T00:00:00", "id": "OPENVAS:1361412562310850178", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850178", "title": "SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0091_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850178\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:16:33 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0091_1\");\n script_name(\"SuSE Update for libqt4 openSUSE-SU-2012:0091-1 (libqt4)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libqt4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE11\\.3)\");\n script_tag(name:\"affected\", value:\"libqt4 on openSUSE 11.4, openSUSE 11.3\");\n script_tag(name:\"insight\", value:\"A stack-based buffer overflow in the glyph handling of\n libqt4's harfbuzz has been fixed. 
CVE-2011-3922 has been\n assigned to this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4-32bit\", rpm:\"libQtWebKit4-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-32bit\", 
rpm:\"libqt4-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support-32bit\", rpm:\"libqt4-qt3support-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-32bit\", rpm:\"libqt4-sql-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite-32bit\", rpm:\"libqt4-sql-sqlite-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11-32bit\", rpm:\"libqt4-x11-32bit~4.7.1~8.17.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit-devel\", rpm:\"libQtWebKit-devel~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4\", rpm:\"libQtWebKit4~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4\", rpm:\"libqt4~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support\", rpm:\"libqt4-qt3support~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql\", rpm:\"libqt4-sql~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite\", rpm:\"libqt4-sql-sqlite~4.6.3~2.7.1\", 
rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11\", rpm:\"libqt4-x11~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libQtWebKit4-32bit\", rpm:\"libQtWebKit4-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-32bit\", rpm:\"libqt4-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-qt3support-32bit\", rpm:\"libqt4-qt3support-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-32bit\", rpm:\"libqt4-sql-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-sql-sqlite-32bit\", rpm:\"libqt4-sql-sqlite-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-x11-32bit\", rpm:\"libqt4-x11-32bit~4.6.3~2.7.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-03T10:58:30", "bulletinFamily": "scanner", "description": "Check for the Version of qt", "modified": "2018-01-03T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863987", "id": "OPENVAS:863987", "title": "Fedora Update for qt FEDORA-2012-0523", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-0523\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\ntag_affected = \"qt on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072234.html\");\n script_id(863987);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:49:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-0523\");\n script_name(\"Fedora Update for qt FEDORA-2012-0523\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.0~7.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:22", "bulletinFamily": "scanner", "description": "Check for the Version of qt", "modified": "2017-12-29T00:00:00", "published": "2012-02-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863710", "id": "OPENVAS:863710", "title": "Fedora Update for qt FEDORA-2011-17565", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2011-17565\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\ntag_affected = \"qt on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072563.html\");\n script_id(863710);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:33:49 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-17565\");\n script_name(\"Fedora Update for qt FEDORA-2011-17565\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.7.4~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:08", "bulletinFamily": "scanner", "description": "Check for the Version of qt", "modified": "2017-12-28T00:00:00", "published": "2012-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870761", "id": "OPENVAS:870761", "title": "RedHat Update for qt RHSA-2012:0880-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qt RHSA-2012:0880-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System. HarfBuzz is an OpenType text shaping engine.\n\n A buffer overflow flaw was found in the harfbuzz module in Qt. If a user\n loaded a specially-crafted font file with an application linked against Qt,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2011-3922)\n\n A flaw was found in the way Qt handled X.509 certificates with IP address\n wildcards. An attacker able to obtain a certificate with a Common Name\n containing an IP wildcard could possibly use this flaw to impersonate an\n SSL server to client applications that are using Qt. This update also\n introduces more strict handling for hostname wildcard certificates by\n disallowing the wildcard character to match more than one hostname\n component. (CVE-2010-5076)\n\n This update also fixes the following bugs:\n\n * The Phonon API allowed premature freeing of the media object.\n Consequently, GStreamer could terminate unexpectedly as it failed to access\n the released media object. This update modifies the underlying Phonon API\n code and the problem no longer occurs. (BZ#694684)\n\n * Previously, Qt could output the 'Unrecognized OpenGL version' error and\n fall back to OpenGL-version-1 compatibility mode. 
This happened because Qt\n failed to recognize the version of OpenGL installed on the system if the\n system was using a version of OpenGL released later than the Qt version in\n use. This update adds the code for recognition of OpenGL versions to Qt and\n if the OpenGL version is unknown, Qt assumes that the last-known version of\n OpenGL is available. (BZ#757793)\n\n * Previously Qt included a compiled-in list of trusted CA (Certificate\n Authority) certificates, that could have been used if Qt failed to open a\n system's ca-bundle.crt file. With this update, Qt no longer includes\n compiled-in CA certificates and only uses the system bundle. (BZ#734444)\n\n Users of Qt should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\ntag_affected = \"qt on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00032.html\");\n script_id(870761);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:25:46 +0530 (Fri, 22 Jun 2012)\");\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0880-04\");\n script_name(\"RedHat Update for qt RHSA-2012:0880-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-debuginfo\", rpm:\"qt-debuginfo~4.6.2~24.el6\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~24.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:58:16", "bulletinFamily": "scanner", "description": "Check for the Version of phonon-backend-gstreamer", "modified": "2018-01-08T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881099", "id": "OPENVAS:881099", "title": "CentOS Update for phonon-backend-gstreamer CESA-2012:0880 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for phonon-backend-gstreamer CESA-2012:0880 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System. HarfBuzz is an OpenType text shaping engine.\n\n A buffer overflow flaw was found in the harfbuzz module in Qt. If a user\n loaded a specially-crafted font file with an application linked against Qt,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2011-3922)\n \n A flaw was found in the way Qt handled X.509 certificates with IP address\n wildcards. An attacker able to obtain a certificate with a Common Name\n containing an IP wildcard could possibly use this flaw to impersonate an\n SSL server to client applications that are using Qt. This update also\n introduces more strict handling for hostname wildcard certificates by\n disallowing the wildcard character to match more than one hostname\n component. 
(CVE-2010-5076)\n \n This update also fixes the following bugs:\n \n * The Phonon API allowed premature freeing of the media object.\n Consequently, GStreamer could terminate unexpectedly as it failed to access\n the released media object. This update modifies the underlying Phonon API\n code and the problem no longer occurs. (BZ#694684)\n \n * Previously, Qt could output the 'Unrecognized OpenGL version' error and\n fall back to OpenGL-version-1 compatibility mode. This happened because Qt\n failed to recognize the version of OpenGL installed on the system if the\n system was using a version of OpenGL released later than the Qt version in\n use. This update adds the code for recognition of OpenGL versions to Qt and\n if the OpenGL version is unknown, Qt assumes that the last-known version of\n OpenGL is available. (BZ#757793)\n \n * Previously Qt included a compiled-in list of trusted CA (Certificate\n Authority) certificates, that could have been used if Qt failed to open a\n system's ca-bundle.crt file. With this update, Qt no longer includes\n compiled-in CA certificates and only uses the system bundle. (BZ#734444)\n \n Users of Qt should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\ntag_affected = \"phonon-backend-gstreamer on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018718.html\");\n script_id(881099);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:08:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0880\");\n script_name(\"CentOS Update for phonon-backend-gstreamer CESA-2012:0880 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phonon-backend-gstreamer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-demos\", rpm:\"qt-demos~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-examples\", rpm:\"qt-examples~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~24.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-03T12:17:43", "bulletinFamily": "scanner", "description": "A stack-based buffer overflow in the glyph handling of libqt4", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_4_LIBQTWEBKIT-DEVEL-120110.NASL", "href": "https://www.tenable.com/plugins/nessus/75918", "published": "2014-06-13T00:00:00", "title": "openSUSE 
Security Update : libQtWebKit-devel (openSUSE-SU-2012:0091-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libQtWebKit-devel-5628.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75918);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-3922\");\n\n script_name(english:\"openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2012:0091-1)\");\n script_summary(english:\"Check for the libQtWebKit-devel-5628 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow in the glyph handling of libqt4's\nharfbuzz has been fixed. CVE-2011-3922 has been assigned to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libQtWebKit-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libQtWebKit4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libQtWebKit-devel-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libQtWebKit4-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"libQtWebKit4-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-debugsource-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-devel-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-devel-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-qt3support-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-qt3support-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-sql-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-sql-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-sql-sqlite-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-sql-sqlite-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-x11-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libqt4-x11-debuginfo-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libQtWebKit4-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.7.1-8.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.7.1-8.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "A stack-based buffer overflow in the glyph handling of libqt4", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBQTWEBKIT-DEVEL-120110.NASL", "href": "https://www.tenable.com/plugins/nessus/75610", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2012:0091-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libQtWebKit-devel-5628.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75610);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-3922\");\n\n script_name(english:\"openSUSE Security Update : libQtWebKit-devel 
(openSUSE-SU-2012:0091-1)\");\n script_summary(english:\"Check for the libQtWebKit-devel-5628 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow in the glyph handling of libqt4's\nharfbuzz has been fixed. CVE-2011-3922 has been assigned to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libQtWebKit-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libQtWebKit-devel-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libQtWebKit4-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-devel-4.6.3-2.7.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-qt3support-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-sql-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-sql-sqlite-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libqt4-x11-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:53", "bulletinFamily": "scanner", "description": "This build addresses a security issue :\n\n - CVE-2011-3922 qt: Stack-based buffer overflow in\n embedded harfbuzz code\n\nas well as includes an upstream patch to address :\n\n - ", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2011-17565.NASL", "href": "https://www.tenable.com/plugins/nessus/57714", "published": "2012-01-30T00:00:00", "title": "Fedora 15 : qt-4.7.4-10.fc15 (2011-17565)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were \n# extracted from Fedora Security Advisory 2011-17565.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57714);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:34\");\n\n script_cve_id(\"CVE-2011-3922\");\n script_bugtraq_id(51300);\n script_xref(name:\"FEDORA\", value:\"2011-17565\");\n\n script_name(english:\"Fedora 15 : qt-4.7.4-10.fc15 (2011-17565)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build addresses a security issue :\n\n - CVE-2011-3922 qt: Stack-based buffer overflow in\n embedded harfbuzz code\n\nas well as includes an upstream patch to address :\n\n - 'closed windows stay in the taskbar sometimes, taskbar\n doesn't react on clicks', http://bugs.kde.org/275469\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://bugs.kde.org/275469\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.kde.org/275469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=772128\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072563.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02856329\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"qt-4.7.4-10.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:18:01", "bulletinFamily": "scanner", "description": "A stack-based buffer overflow in the glyph handling of libqt4", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_LIBQTWEBKIT-DEVEL-120109.NASL", "href": "https://www.tenable.com/plugins/nessus/57596", "published": "2012-01-19T00:00:00", "title": "SuSE 11.1 Security Update : libqt4 (SAT Patch Number 5624)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57596);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2011-3922\");\n\n script_name(english:\"SuSE 11.1 Security Update : libqt4 (SAT Patch Number 5624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow in the glyph handling of libqt4's\nharfbuzz has been fixed. CVE-2011-3922 has been assigned to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3922.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libqt4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
reference:\"libQtWebKit4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libqt4-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libqt4-qt3support-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libqt4-sql-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libqt4-sql-sqlite-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libqt4-x11-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libQtWebKit4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libqt4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libqt4-qt3support-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libqt4-sql-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libqt4-x11-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:55", "bulletinFamily": "scanner", "description": "This build addresses a security issue :\n\n - 
CVE-2011-3922 qt: Stack-based buffer overflow in\n embedded harfbuzz code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2012-0523.NASL", "href": "https://www.tenable.com/plugins/nessus/57626", "published": "2012-01-23T00:00:00", "title": "Fedora 16 : qt-4.8.0-7.fc16 (2012-0523)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0523.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57626);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-3922\");\n script_bugtraq_id(51300);\n script_xref(name:\"FEDORA\", value:\"2012-0523\");\n\n script_name(english:\"Fedora 16 : qt-4.8.0-7.fc16 (2012-0523)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build addresses a security issue :\n\n - CVE-2011-3922 qt: Stack-based buffer overflow in\n embedded harfbuzz code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=772128\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072234.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d023750\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"qt-4.8.0-7.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:31", "bulletinFamily": "scanner", "description": "fix stack based overflow in harbuzz parser", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2012-72.NASL", "href": "https://www.tenable.com/plugins/nessus/74789", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-2012-72)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-72.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74789);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:09:12 $\");\n\n script_cve_id(\"CVE-2011-3922\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-2012-72)\");\n script_summary(english:\"Check for the openSUSE-2012-72 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing 
a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"fix stack based overflow in harbuzz parser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739904\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ 
\"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debugsource-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-private-headers-devel-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-debuginfo-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.7.4-19.6.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.7.4-19.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.7.4-19.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-32bit / libqt4 / libqt4-debuginfo-32bit / libqt4-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:15:18", "bulletinFamily": "scanner", "description": "Updated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. 
HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. 
(BZ#694684)\n\n* Previously, Qt could output the ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2012-0880.NASL", "href": "https://www.tenable.com/plugins/nessus/59928", "published": "2012-07-11T00:00:00", "title": "CentOS 6 : qt (CESA-2012:0880)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0880 and \n# CentOS Errata and Security Advisory 2012:0880 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59928);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/02 15:30:17\");\n\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n script_bugtraq_id(42833, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0880\");\n\n script_name(english:\"CentOS 6 : qt (CESA-2012:0880)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the 'Unrecognized OpenGL version' error\nand fall back to OpenGL-version-1 compatibility mode. This happened\nbecause Qt failed to recognize the version of OpenGL installed on the\nsystem if the system was using a version of OpenGL released later than\nthe Qt version in use. This update adds the code for recognition of\nOpenGL versions to Qt and if the OpenGL version is unknown, Qt assumes\nthat the last-known version of OpenGL is available. (BZ#757793)\n\n* Previously Qt included a compiled-in list of trusted CA (Certificate\nAuthority) certificates, that could have been used if Qt failed to\nopen a system's ca-bundle.crt file. With this update, Qt no longer\nincludes compiled-in CA certificates and only uses the system bundle.\n(BZ#734444)\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018718.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65068e54\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"phonon-backend-gstreamer-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-devel-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-doc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-mysql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-odbc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-postgresql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-sqlite-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-x11-4.6.2-24.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phonon-backend-gstreamer / qt / qt-demos / qt-devel / qt-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:14:22", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0880 :\n\nUpdated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security 
Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. 
(BZ#694684)\n\n* Previously, Qt could output the ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0880.NASL", "href": "https://www.tenable.com/plugins/nessus/68557", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : qt (ELSA-2012-0880)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0880 and \n# Oracle Linux Security Advisory ELSA-2012-0880 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68557);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n script_bugtraq_id(42833, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0880\");\n\n script_name(english:\"Oracle Linux 6 : qt (ELSA-2012-0880)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0880 :\n\nUpdated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the 'Unrecognized OpenGL version' error\nand fall back to OpenGL-version-1 compatibility mode. This happened\nbecause Qt failed to recognize the version of OpenGL installed on the\nsystem if the system was using a version of OpenGL released later than\nthe Qt version in use. This update adds the code for recognition of\nOpenGL versions to Qt and if the OpenGL version is unknown, Qt assumes\nthat the last-known version of OpenGL is available. (BZ#757793)\n\n* Previously Qt included a compiled-in list of trusted CA (Certificate\nAuthority) certificates, that could have been used if Qt failed to\nopen a system's ca-bundle.crt file. With this update, Qt no longer\nincludes compiled-in CA certificates and only uses the system bundle.\n(BZ#734444)\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002908.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"phonon-backend-gstreamer-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-devel-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-doc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-mysql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-odbc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-postgresql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-sqlite-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-x11-4.6.2-24.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phonon-backend-gstreamer / qt / qt-demos / qt-devel / qt-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:12:57", "bulletinFamily": "scanner", "description": "Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. 
HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n - The Phonon API allowed premature freeing of the media\n object. Consequently, GStreamer could terminate\n unexpectedly as it failed to access the released media\n object. 
This update modifies the underlying Phonon API\n code and the problem no longer occurs.\n\n - Previously, Qt could output the ", "modified": "2019-11-02T00:00:00", "id": "SL_20120620_QT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61347", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : qt on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61347);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n\n script_name(english:\"Scientific Linux Security Update : qt on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. 
An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n - The Phonon API allowed premature freeing of the media\n object. Consequently, GStreamer could terminate\n unexpectedly as it failed to access the released media\n object. This update modifies the underlying Phonon API\n code and the problem no longer occurs.\n\n - Previously, Qt could output the 'Unrecognized OpenGL\n version' error and fall back to OpenGL-version-1\n compatibility mode. This happened because Qt failed to\n recognize the version of OpenGL installed on the system\n if the system was using a version of OpenGL released\n later than the Qt version in use. This update adds the\n code for recognition of OpenGL versions to Qt and if the\n OpenGL version is unknown, Qt assumes that the\n last-known version of OpenGL is available.\n\n - Previously Qt included a compiled-in list of trusted CA\n (Certificate Authority) certificates, that could have\n been used if Qt failed to open a system's ca-bundle.crt\n file. With this update, Qt no longer includes\n compiled-in CA certificates and only uses the system\n bundle.\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=2554\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c2f9d6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"phonon-backend-gstreamer-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"qt-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-debuginfo-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-devel-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-doc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-mysql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-odbc-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-postgresql-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-sqlite-4.6.2-24.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-x11-4.6.2-24.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:36", "bulletinFamily": "scanner", "description": "Updated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. 
If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2012-0880.NASL", "href": "https://www.tenable.com/plugins/nessus/59593", "published": "2012-06-20T00:00:00", "title": "RHEL 6 : qt (RHSA-2012:0880)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0880. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59593);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:35\");\n\n script_cve_id(\"CVE-2010-5076\", \"CVE-2011-3922\");\n script_bugtraq_id(42833, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0880\");\n\n script_name(english:\"RHEL 6 : qt (RHSA-2012:0880)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qt packages that fix two security issues and three bugs are\nnow available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a\nuser loaded a specially crafted font file with an application linked\nagainst Qt, it could cause the application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP\naddress wildcards. 
An attacker able to obtain a certificate with a\nCommon Name containing an IP wildcard could possibly use this flaw to\nimpersonate an SSL server to client applications that are using Qt.\nThis update also introduces more strict handling for hostname wildcard\ncertificates by disallowing the wildcard character to match more than\none hostname component. (CVE-2010-5076)\n\nThis update also fixes the following bugs :\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to\naccess the released media object. This update modifies the underlying\nPhonon API code and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the 'Unrecognized OpenGL version' error\nand fall back to OpenGL-version-1 compatibility mode. This happened\nbecause Qt failed to recognize the version of OpenGL installed on the\nsystem if the system was using a version of OpenGL released later than\nthe Qt version in use. This update adds the code for recognition of\nOpenGL versions to Qt and if the OpenGL version is unknown, Qt assumes\nthat the last-known version of OpenGL is available. (BZ#757793)\n\n* Previously Qt included a compiled-in list of trusted CA (Certificate\nAuthority) certificates, that could have been used if Qt failed to\nopen a system's ca-bundle.crt file. With this update, Qt no longer\nincludes compiled-in CA certificates and only uses the system bundle.\n(BZ#734444)\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-5076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3922\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0880\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"phonon-backend-gstreamer-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-debuginfo-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qt-demos-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-devel-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-doc-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qt-examples-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-mysql-4.6.2-24.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"qt-odbc-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-postgresql-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-sqlite-4.6.2-24.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"qt-x11-4.6.2-24.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phonon-backend-gstreamer / qt / qt-debuginfo / qt-demos / qt-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "description": "Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a user\nloaded a specially-crafted font file with an application linked against Qt,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP address\nwildcards. An attacker able to obtain a certificate with a Common Name\ncontaining an IP wildcard could possibly use this flaw to impersonate an\nSSL server to client applications that are using Qt. This update also\nintroduces more strict handling for hostname wildcard certificates by\ndisallowing the wildcard character to match more than one hostname\ncomponent. 
(CVE-2010-5076)\n\nThis update also fixes the following bugs:\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to access\nthe released media object. This update modifies the underlying Phonon API\ncode and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the \"Unrecognized OpenGL version\" error and\nfall back to OpenGL-version-1 compatibility mode. This happened because Qt\nfailed to recognize the version of OpenGL installed on the system if the\nsystem was using a version of OpenGL released later than the Qt version in\nuse. This update adds the code for recognition of OpenGL versions to Qt and\nif the OpenGL version is unknown, Qt assumes that the last-known version of\nOpenGL is available. (BZ#757793)\n\n* Previously Qt included a compiled-in list of trusted CA (Certificate\nAuthority) certificates, that could have been used if Qt failed to open a\nsystem's ca-bundle.crt file. With this update, Qt no longer includes\ncompiled-in CA certificates and only uses the system bundle. (BZ#734444)\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2012-06-20T04:00:00", "id": "RHSA-2012:0880", "href": "https://access.redhat.com/errata/RHSA-2012:0880", "type": "redhat", "title": "(RHSA-2012:0880) Moderate: qt security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "description": "[1:4.6.2-24]\n- Resolves: bz#734444, list of trusted CA certificates should not be compiled into library\n[1:4.6.2-23]\n- Resolves: bz#805433, CVE-2011-3922\n[1:4.6.2-22]\n- Resolves: bz#694684, phonon crash\n[1:4.6.2-21]\n- Resolves: #rhbz757793, add OpenGL 3.1, 3.2, 3.3 and 4.0 recognition to QGLFormat", "modified": "2012-06-27T00:00:00", "published": "2012-06-27T00:00:00", "id": "ELSA-2012-0880", "href": "http://linux.oracle.com/errata/ELSA-2012-0880.html", "title": "qt security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0880\n\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem. HarfBuzz is an OpenType text shaping engine.\n\nA buffer overflow flaw was found in the harfbuzz module in Qt. If a user\nloaded a specially-crafted font file with an application linked against Qt,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2011-3922)\n\nA flaw was found in the way Qt handled X.509 certificates with IP address\nwildcards. 
An attacker able to obtain a certificate with a Common Name\ncontaining an IP wildcard could possibly use this flaw to impersonate an\nSSL server to client applications that are using Qt. This update also\nintroduces more strict handling for hostname wildcard certificates by\ndisallowing the wildcard character to match more than one hostname\ncomponent. (CVE-2010-5076)\n\nThis update also fixes the following bugs:\n\n* The Phonon API allowed premature freeing of the media object.\nConsequently, GStreamer could terminate unexpectedly as it failed to access\nthe released media object. This update modifies the underlying Phonon API\ncode and the problem no longer occurs. (BZ#694684)\n\n* Previously, Qt could output the \"Unrecognized OpenGL version\" error and\nfall back to OpenGL-version-1 compatibility mode. This happened because Qt\nfailed to recognize the version of OpenGL installed on the system if the\nsystem was using a version of OpenGL released later than the Qt version in\nuse. This update adds the code for recognition of OpenGL versions to Qt and\nif the OpenGL version is unknown, Qt assumes that the last-known version of\nOpenGL is available. (BZ#757793)\n\n* Previously Qt included a compiled-in list of trusted CA (Certificate\nAuthority) certificates, that could have been used if Qt failed to open a\nsystem's ca-bundle.crt file. With this update, Qt no longer includes\ncompiled-in CA certificates and only uses the system bundle. (BZ#734444)\n\nUsers of Qt should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018718.html\n\n**Affected packages:**\nphonon-backend-gstreamer\nqt\nqt-demos\nqt-devel\nqt-doc\nqt-examples\nqt-mysql\nqt-odbc\nqt-postgresql\nqt-sqlite\nqt-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0880.html", "modified": "2012-07-10T13:25:14", "published": "2012-07-10T13:25:14", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018718.html", "id": "CESA-2012:0880", "title": "phonon, qt security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T23:04:03", "bulletinFamily": "info", "description": "Google has released a new version of its Chrome browser, fixing just a small handful of vulnerabilities in the process. All three of the bugs fixed in Chrome were rated high.\n\nThe release by Google is a pretty small one by the company\u2019s standards. Often, new versions of Chrome will include fixes for 12 or 15 or more vulnerabilities, many of them rated critical. However, [version 16.0.912.75](<http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>) includes just three patches. As part of its reward program, Google paid out just $2,000 in bug bounties to two researchers who reported bugs fixed in this release. The third vulnerability was found by someone on the Google Chrome Security Team.\n\nInterestingly, one of the vulnerabilities was discovered and reported by someone from Mozilla.\n\nThe fixes in Chrome include:\n\n * [$1000] [[106672](<http://code.google.com/p/chromium/issues/detail?id=106672>)] High CVE-2011-3921: Use-after-free in animation frames. 
Credit to Boris Zbarsky of Mozilla.\n * [$1000] [[107128](<http://code.google.com/p/chromium/issues/detail?id=107128>)] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to J\u00fcri Aedla.\n * [[108006](<http://code.google.com/p/chromium/issues/detail?id=108006>)] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar).\n\nGoogle also has released a beta version of Chrome 17, the next major version of the browser. The company doesn\u2019t do big, rolled-up releases the way that Mozilla and Microsoft do, but [Chrome 17](<http://chrome.blogspot.com/2012/01/speed-and-security.html>) will include some new security features and other improvements. The main security upgrade is a change to the way that the Safe Browsing system in Chrome works. The current version of Safe Browsing is designed to protect users against drive-by downloads and malicious links on sites. The new one in Chrome 17 also will run a check on executables and other files downloaded from the Web.\n\n\u201cTo help protect you against malicious downloads, Chrome now includes expanded functionality to analyze executable files (such as \u2018.exe\u2019 and \u2018.msi\u2019 files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it. 
We\u2019re starting small with this initial Beta release, but we\u2019ll be ramping up coverage for more and more malicious files in the coming months,\u201d Dominic Hamon of Google wrote in a blog post.\n", "modified": "2013-04-17T16:33:02", "published": "2012-01-06T12:41:22", "id": "THREATPOST:C97670CE9C71F933BFBB04720A1A632A", "href": "https://threatpost.com/google-fixes-three-high-priority-bugs-chrome-010612/76066/", "type": "threatpost", "title": "Google Fixes Three High-Priority Bugs in Chrome", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:41", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n[106672] High CVE-2011-3921: Use-after-free in animation frames.\n\t Credit to Boris Zbarsky of Mozilla.\n\t [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml.\n\t Credit to Juri Aedla.\n\t [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph\n\t handling. Credit to Google Chrome Security Team (Cris\n\t Neckar).\n[107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing\n\t navigation. Credit to Chamal de Silva.\n\n", "modified": "2012-01-23T00:00:00", "published": "2012-01-05T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/1a1aef8e-3894-11e1-8b5c-00262d5ed8ee.html", "id": "1A1AEF8E-3894-11E1-8B5C-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open source web browser project. V8 is Google's open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. 
\n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. \n\nThe attacker could also perform URL bar spoofing.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-16.0.912.75\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.6.6.11\"", "modified": "2012-01-08T00:00:00", "published": "2012-01-08T00:00:00", "id": "GLSA-201201-03", "href": "https://security.gentoo.org/glsa/201201-03", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}