{"cve": [{"lastseen": "2020-12-09T19:52:45", "description": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.", "edition": 5, "cvss3": {}, "published": "2013-12-23T22:55:00", "title": "CVE-2013-4549", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-05-10T03:56:00", "cpe": ["cpe:/a:digia:qt:5.1.0", "cpe:/a:digia:qt:5.0.2"], "id": "CVE-2013-4549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4549", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digia:qt:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.2:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "edition": 1, "description": "### Background\n\nThe Qt toolkit is a comprehensive C++ application development framework.\n\n### Description\n\nA vulnerability in QXmlSimpleReader\u2019s XML entity parsing has been discovered. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCore, possibly resulting in Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtCore users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtcore-4.8.5-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "GLSA-201403-04", "href": "https://security.gentoo.org/glsa/201403-04", "type": "gentoo", "title": "QtCore: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:32:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML \nentity expansion. An attacker could use this flaw to cause Qt applications \nto consume large amounts of resources, resulting in a denial of service.", "edition": 5, "modified": "2013-12-17T00:00:00", "published": "2013-12-17T00:00:00", "id": "USN-2057-1", "href": "https://ubuntu.com/security/notices/USN-2057-1", "title": "Qt vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:28", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "\nRichard J. Moore reports:\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports\n\t expansion of internal entities in XML documents without\n\t placing restrictions to ensure the document does not cause\n\t excessive memory usage. 
If an application using this API\n\t processes untrusted data then the application may use\n\t unexpected amounts of memory if a malicious document is\n\t processed.\nIt is possible to construct XML documents using internal\n\t entities that consume large amounts of memory and other\n\t resources to process, this is known as the 'Billion Laughs'\n\t attack. Qt versions prior to 5.2 did not offer protection\n\t against this issue.\n\n", "edition": 4, "modified": "2013-12-05T00:00:00", "published": "2013-12-05T00:00:00", "id": "89709E58-D497-11E3-A3D5-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/89709e58-d497-11e3-a3d5-5453ed2e2b49.html", "title": "qt4-xml -- XML Entity Expansion Denial of Service", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-4549"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2057-1\r\nDecember 17, 2013\r\n\r\nqt4-x11, qtbase-opensource-src vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nQt could be made to consume resources and hang if it processed XML data.\r\n\r\nSoftware Description:\r\n- qt4-x11: Qt 4 libraries\r\n- qtbase-opensource-src: Qt 5 libraries\r\n\r\nDetails:\r\n\r\nIt was discovered that QXmlSimpleReader in Qt incorrectly handled XML\r\nentity expansion. 
An attacker could use this flaw to cause Qt applications\r\nto consume large amounts of resources, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1\r\n libqt5xml5 5.0.2+dfsg1-7ubuntu11.1\r\n\r\nUbuntu 13.04:\r\n libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5\r\n libqt5xml5 5.0.1+dfsg-0ubuntu4.1\r\n\r\nUbuntu 12.10:\r\n libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2\r\n\r\nUbuntu 12.04 LTS:\r\n libqt4-xml 4:4.8.1-0ubuntu4.5\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2057-1\r\n CVE-2013-4549\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu18.1\r\n https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.2+dfsg1-7ubuntu11.1\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu9.5\r\n https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.1+dfsg-0ubuntu4.1\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.5\r\n", "edition": 1, "modified": "2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:DOC:30136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30136", "title": "[USN-2057-1] Qt vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-4549"], "description": "Resources exhaustion leads to denial of service.", "edition": 1, "modified": 
"2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:VULN:13468", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13468", "title": "QT resources exhaustion", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2014-05-06T03:40:28", "published": "2014-05-06T03:40:28", "id": "FEDORA:C06512304C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt5-qtbase-5.2.1-8.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2014-01-22T23:07:30", "published": "2014-01-22T23:07:30", "id": "FEDORA:D14D0228CC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt-4.8.5-15.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. 
", "modified": "2014-05-06T03:32:31", "published": "2014-05-06T03:32:31", "id": "FEDORA:DBA5B22BB4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt5-qtbase-5.2.1-8.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2014-01-23T11:11:04", "published": "2014-01-23T11:11:04", "id": "FEDORA:63F3122817", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt3-3.3.8b-56.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2014-01-23T11:18:08", "published": "2014-01-23T11:18:08", "id": "FEDORA:3A77E2145A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt3-3.3.8b-56.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. 
This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2014-06-10T03:05:58", "published": "2014-06-10T03:05:58", "id": "FEDORA:2B3BE22126", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt3-3.3.8b-58.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2016-10040"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2018-06-09T20:44:14", "published": "2018-06-09T20:44:14", "id": "FEDORA:982BB605A2B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: qt3-3.3.8b-74.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2014-05-23T18:59:49", "published": "2014-05-23T18:59:49", "id": "FEDORA:14DE622969", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt-4.8.6-5.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. 
This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2014-06-10T02:53:12", "published": "2014-06-10T02:53:12", "id": "FEDORA:C73FD2141E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt3-3.3.8b-58.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2014-05-01T22:22:53", "published": "2014-05-01T22:22:53", "id": "FEDORA:24C8621EC2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt-4.8.6-2.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:48:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt5-qtbase", "modified": "2017-07-10T00:00:00", "published": "2014-05-12T00:00:00", "id": "OPENVAS:867772", "href": "http://plugins.openvas.org/nasl.php?oid=867772", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5710", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5710\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867772);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:05:57 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5710\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt5-qtbase on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5710\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132648.html\");\n script_summary(\"Check for the Version of qt5-qtbase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt", "modified": "2017-07-10T00:00:00", "published": "2014-01-27T00:00:00", "id": "OPENVAS:867246", "href": "http://plugins.openvas.org/nasl.php?oid=867246", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22932\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867246);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:01 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22932\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22932\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127010.html\");\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~15.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:49:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt", "modified": "2017-07-10T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:867287", "href": "http://plugins.openvas.org/nasl.php?oid=867287", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22860", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22860\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867287);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 10:03:39 +0530 (Wed, 05 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22860\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22860\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126984.html\");\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~15.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-05-12T00:00:00", "id": "OPENVAS:1361412562310867785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867785", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5680\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867785\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:01 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5680\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5680\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132586.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt3", "modified": "2017-07-10T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:867304", "href": "http://plugins.openvas.org/nasl.php?oid=867304", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867304);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 18:41:36 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22847\");\n\n tag_insight = \"Qt is a GUI software toolkit which simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications\nfor the X Window System.\n\nQt is written in C++ and is fully object-oriented.\n\nThis package contains the shared library needed to run Qt 3\napplications, as well as the README files for Qt 3.\n\";\n\n tag_affected = \"qt3 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22847\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html\");\n script_summary(\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~56.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt4-x11", "modified": "2018-01-26T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:841664", "href": "http://plugins.openvas.org/nasl.php?oid=841664", "type": "openvas", "title": "Ubuntu Update for qt4-x11 USN-2057-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2057_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# Ubuntu Update for qt4-x11 USN-2057-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841664);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 13:26:34 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for qt4-x11 USN-2057-1\");\n\n tag_insight = \"It was discovered that QXmlSimpleReader in Qt incorrectly\nhandled XML entity expansion. An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a denial of\nservice.\";\n\n tag_affected = \"qt4-x11 on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2057-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2057-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.3+dfsg-0ubuntu3.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.1-0ubuntu4.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu18.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.2+dfsg1-7ubuntu11.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu9.5\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.1+dfsg-0ubuntu4.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:49:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt5-qtbase", "modified": "2017-07-10T00:00:00", "published": "2014-05-12T00:00:00", "id": "OPENVAS:867785", 
"href": "http://plugins.openvas.org/nasl.php?oid=867785", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5680\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867785);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:01 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5680\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt5-qtbase on Fedora 19\";\n\n tag_solution = \"Please Install the Updated 
Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5680\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132586.html\");\n script_summary(\"Check for the Version of qt5-qtbase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Gentoo Linux Local Security Checks GLSA 201403-04", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121164", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201403-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201403-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121164\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:01 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201403-04\");\n script_tag(name:\"insight\", value:\"A vulnerability in QXmlSimpleReaders XML entity parsing has been discovered.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201403-04\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n 
script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201403-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-qt/qtcore\", unaffected: make_list(\"ge 4.8.5-r1\"), vulnerable: make_list(\"lt 4.8.5-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-01-27T00:00:00", "id": "OPENVAS:1361412562310867251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867251", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22883", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867251\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:42 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22883\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22883\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", 
rpm:\"qt3~3.3.8b~56.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:49:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "description": "Check for the Version of qt3", "modified": "2017-07-10T00:00:00", "published": "2014-01-27T00:00:00", "id": "OPENVAS:867251", "href": "http://plugins.openvas.org/nasl.php?oid=867251", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22883", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867251);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:42 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22883\");\n\n tag_insight = \"Qt is a GUI software toolkit which simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications\nfor the X Window System.\n\nQt is written in C++ and is fully object-oriented.\n\nThis package contains the shared library needed to run Qt 3\napplications, as well as the README files for Qt 3.\n\";\n\n tag_affected = \"qt3 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22883\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\");\n script_summary(\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~56.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:40:21", "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML\nentity expansion. An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-12-18T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:libqt4-xml", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libqt5xml5", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2057-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71518);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n script_xref(name:\"USN\", value:\"2057-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that QXmlSimpleReader in Qt incorrectly handled XML\nentity expansion. An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2057-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4-xml and / or libqt5xml5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.1-0ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.3+dfsg-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.4+dfsg-0ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libqt5xml5\", pkgver:\"5.0.1+dfsg-0ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.4+dfsg-0ubuntu18.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libqt5xml5\", pkgver:\"5.0.2+dfsg1-7ubuntu11.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-xml / libqt5xml5\");\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:12", "description": " - added patches :\n\n - disallow-deep-or-widely-nested-entity-references.patch:\n upstream fix for bnc#856832 and CVE-2013-4549: xml\n entity expansion attacks", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt5-qtbase (openSUSE-SU-2014:0173-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", 
"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5"], "id": "OPENSUSE-2014-94.NASL", "href": "https://www.tenable.com/plugins/nessus/75412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-94.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75412);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt5-qtbase (openSUSE-SU-2014:0173-1)\");\n script_summary(english:\"Check for the openSUSE-2014-94 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - added patches :\n\n - disallow-deep-or-widely-nested-entity-references.patch:\n upstream fix for bnc#856832 and CVE-2013-4549: xml\n entity expansion attacks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt5-qtbase packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Gui5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Gui5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Sql5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Sql5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Test5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Test5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Widgets5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Widgets5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-debugsource-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"libqt5-qtbase-devel-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-devel-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-private-headers-devel-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-mysql-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-mysql-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-postgresql-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-postgresql-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-sqlite-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-sqlite-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-unixODBC-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-unixODBC-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"libqt5-qtbase-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-mysql-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-mysql-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-postgresql-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-postgresql-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-sqlite-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-sqlite-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-unixODBC-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-unixODBC-debuginfo-32bit-5.1.1-6.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libQt5Gui5-32bit / libQt5Gui5 / libQt5Gui5-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:55:35", "description": "The remote host is affected by the vulnerability described in GLSA-201403-04\n(QtCore: Denial of Service)\n\n A vulnerability in QXmlSimpleReader’s XML entity parsing has been\n discovered.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted XML\n file using an application linked against QtCore, possibly resulting in\n Denial of Service.\n \nWorkaround :\n\n There is no 
known workaround at this time.", "edition": 21, "published": "2014-03-14T00:00:00", "title": "GLSA-201403-04 : QtCore: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:qtcore"], "id": "GENTOO_GLSA-201403-04.NASL", "href": "https://www.tenable.com/plugins/nessus/72997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201403-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72997);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n script_xref(name:\"GLSA\", value:\"201403-04\");\n\n script_name(english:\"GLSA-201403-04 : QtCore: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201403-04\n(QtCore: Denial of Service)\n\n A vulnerability in QXmlSimpleReader’s XML entity parsing has been\n discovered.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted XML\n file using an application linked against QtCore, possibly resulting in\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201403-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QtCore users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-qt/qtcore-4.8.5-r1'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtcore\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-qt/qtcore\", unaffected:make_list(\"ge 4.8.5-r1\"), vulnerable:make_list(\"lt 
4.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QtCore\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:32", "description": "This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-01-24T00:00:00", "title": "Fedora 19 : qt3-3.3.8b-56.fc19 (2013-22883)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-01-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:qt3"], "id": "FEDORA_2013-22883.NASL", "href": "https://www.tenable.com/plugins/nessus/72111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22883.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72111);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_xref(name:\"FEDORA\", value:\"2013-22883\");\n\n script_name(english:\"Fedora 19 : qt3-3.3.8b-56.fc19 (2013-22883)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. 
See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84310b05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"qt3-3.3.8b-56.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:46:54", "description": "Richard J. Moore reports :\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports expansion of\ninternal entities in XML documents without placing restrictions to\nensure the document does not cause excessive memory usage. 
If an\napplication using this API processes untrusted data then the\napplication may use unexpected amounts of memory if a malicious\ndocument is processed.\n\nIt is possible to construct XML documents using internal entities that\nconsume large amounts of memory and other resources to process, this\nis known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did\nnot offer protection against this issue.", "edition": 22, "published": "2014-05-06T00:00:00", "title": "FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-05-06T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:qt4-xml"], "id": "FREEBSD_PKG_89709E58D49711E3A3D55453ED2E2B49.NASL", "href": "https://www.tenable.com/plugins/nessus/73881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73881);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Richard J. 
Moore reports :\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports expansion of\ninternal entities in XML documents without placing restrictions to\nensure the document does not cause excessive memory usage. If an\napplication using this API processes untrusted data then the\napplication may use unexpected amounts of memory if a malicious\ndocument is processed.\n\nIt is possible to construct XML documents using internal entities that\nconsume large amounts of memory and other resources to process, this\nis known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did\nnot offer protection against this issue.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://vuxml.freebsd.org/freebsd/89709e58-d497-11e3-a3d5-5453ed2e2b49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0639c59\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"qt4-xml<4.8.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:32", "description": "This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-01-24T00:00:00", "title": "Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-01-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt3", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-22847.NASL", "href": "https://www.tenable.com/plugins/nessus/72110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22847.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72110);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_xref(name:\"FEDORA\", value:\"2013-22847\");\n\n script_name(english:\"Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. 
See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6876f41c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qt3-3.3.8b-56.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:33", "description": "Qt Project Security Advisory: XML Entity Expansion Denial of Service\n(CVE-2013-4549) See also\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML\n entities enforced by the fix for CVE-2013-4549 that\n was breaking real-world XML files (in 
particular, the\n KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover printers shared by CUPS\n 1.6 (#980952)' patch, which broke default printer\n selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2014-01-23T00:00:00", "title": "Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-01-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-22932.NASL", "href": "https://www.tenable.com/plugins/nessus/72097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22932.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72097);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-22932\");\n\n script_name(english:\"Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt Project Security Advisory: XML Entity Expansion Denial of Service\n(CVE-2013-4549) See 
also\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML\n entities enforced by the fix for CVE-2013-4549 that\n was breaking real-world XML files (in particular, the\n KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover printers shared by CUPS\n 1.6 (#980952)' patch, which broke default printer\n selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1054312\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127010.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed26140a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"qt-4.8.5-15.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:27:39", "description": " - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n 
libqt4-fully-expand-all-entities.patch", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0067-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource"], "id": "OPENSUSE-2014-38.NASL", "href": "https://www.tenable.com/plugins/nessus/75369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-38.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75369);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0067-1)\");\n script_summary(english:\"Check for the openSUSE-2014-38 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-debugsource-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-data-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-debuginfo-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-debugsource-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-private-headers-devel-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-qt3support-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"libqt4-qt3support-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-mysql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-mysql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-plugins-debugsource-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-postgresql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-sqlite-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-unixODBC-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-x11-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-x11-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"qt4-x11-tools-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"qt4-x11-tools-debuginfo-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:08", "description": " - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n 
libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0125-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-linguist", 
"p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource"], "id": "OPENSUSE-2014-79.NASL", "href": "https://www.tenable.com/plugins/nessus/75405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-79.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75405);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0125-1)\");\n script_summary(english:\"Check for the openSUSE-2014-79 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-debugsource-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-data-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-debuginfo-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-debugsource-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-linguist-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-linguist-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-private-headers-devel-4.8.5-5.9.2\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-qt3support-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-qt3support-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-mysql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-mysql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-plugins-debugsource-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-postgresql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-sqlite-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-unixODBC-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-x11-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-x11-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qt4-x11-tools-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qt4-x11-tools-debuginfo-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.5-5.9.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:27:45", "description": 
" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0070-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4549"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", 
"p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource"], "id": "OPENSUSE-2014-44.NASL", "href": "https://www.tenable.com/plugins/nessus/75390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-44.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75390);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0070-1)\");\n script_summary(english:\"Check for the openSUSE-2014-44 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debugsource-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-data-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debuginfo-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debugsource-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-private-headers-devel-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"libqt4-qt3support-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-plugins-debugsource-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-debuginfo-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}