Debian DLA-1786-1 : qt4-x11 security update

2019-05-14T00:00:00

Description

Multiple issues have been addressed in Qt4. CVE-2018-15518 A double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19869 A malformed SVG image could cause a segmentation fault in qsvghandler.cpp. CVE-2018-19870 A malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault. CVE-2018-19871 There was an uncontrolled resource consumption in QTgaFile. CVE-2018-19873 QBmpHandler had a buffer overflow via BMP data. For Debian 8 'Jessie', these problems have been fixed in version 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2. We recommend that you upgrade your qt4-x11 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "DEBIAN_DLA-1786.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-1786-1 : qt4-x11 security update", "description": "Multiple issues have been addressed in Qt4.\n\nCVE-2018-15518\n\nA double-free or corruption during parsing of a specially crafted illegal XML document.\n\nCVE-2018-19869\n\nA malformed SVG image could cause a segmentation fault in qsvghandler.cpp.\n\nCVE-2018-19870\n\nA malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n\nCVE-2018-19871\n\nThere was an uncontrolled resource consumption in QTgaFile.\n\nCVE-2018-19873\n\nQBmpHandler had a buffer overflow via BMP data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2.\n\nWe recommend that you upgrade your qt4-x11 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2019-05-14T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/124875", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19873", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19870", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19871", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19869", "https://packages.debian.org/source/jessie/qt4-x11", "https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15518"], "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"], "immutableFields": [], "lastseen": "2021-08-19T12:22:51", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1665"]}, {"type": "amazon", "idList": ["ALAS2-2020-1397", "ALAS2-2020-1458"]}, {"type": "centos", "idList": ["CESA-2019:2135", "CESA-2020:1172"]}, {"type": "cve", "idList": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1627-1:B5712", "DEBIAN:DLA-1786-1:57AFC", "DEBIAN:DLA-1786-1:E10CC", "DEBIAN:DLA-2377-1:093E0", "DEBIAN:DLA-2422-1:FE256", "DEBIAN:DSA-4374-1:49FEA", "DEBIAN:DSA-4374-1:68641"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-15518", "DEBIANCVE:CVE-2018-19869", "DEBIANCVE:CVE-2018-19870", "DEBIANCVE:CVE-2018-19871", "DEBIANCVE:CVE-2018-19873"]}, {"type": "f5", "idList": ["F5:K08037765", "F5:K42941419"]}, {"type": "fedora", "idList": ["FEDORA:07B9D62EF550", "FEDORA:07C0062F0D09", "FEDORA:1E12462E5266", "FEDORA:2210262E5266", "FEDORA:22A6962F0D2C", "FEDORA:3B35C62E2398", "FEDORA:3F03B62E4679", "FEDORA:4317D62E2398", "FEDORA:54A1762E5266", "FEDORA:5662C62E4679", "FEDORA:6FAE062E5288", "FEDORA:70BD062E4679", "FEDORA:88DE562EF550", "FEDORA:8D40F62E467E", "FEDORA:A32B862EF568", "FEDORA:A53B062E4679", "FEDORA:A713A62E5292", "FEDORA:BED7562E467E", "FEDORA:C24EA62F0D01", "FEDORA:C2AB262E2398", "FEDORA:DF56F62E5288", "FEDORA:E0C5D62E2398"]}, {"type": "mageia", "idList": ["MGASA-2019-0025", "MGASA-2020-0204"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1397.NASL", "AL2_ALAS-2020-1458.NASL", "ALMA_LINUX_ALSA-2020-1665.NASL", "CENTOS8_RHSA-2019-3390.NASL", "CENTOS8_RHSA-2020-1665.NASL", "CENTOS_RHSA-2019-2135.NASL", "CENTOS_RHSA-2020-1172.NASL", "DEBIAN_DLA-1627.NASL", "DEBIAN_DLA-2377.NASL", "DEBIAN_DLA-2422.NASL", "DEBIAN_DSA-4374.NASL", "EULEROS_SA-2019-1042.NASL", "EULEROS_SA-2019-1057.NASL", "EULEROS_SA-2019-1103.NASL", "EULEROS_SA-2019-1688.NASL", "EULEROS_SA-2019-1746.NASL", "EULEROS_SA-2019-2012.NASL", "EULEROS_SA-2019-2186.NASL", "EULEROS_SA-2019-2301.NASL", "EULEROS_SA-2019-2381.NASL", "EULEROS_SA-2019-2656.NASL", "EULEROS_SA-2020-1881.NASL", "EULEROS_SA-2020-2563.NASL", "FEDORA_2019-3C45BD2CC3.NASL", "NEWSTART_CGSL_NS-SA-2019-0217_QT5-QTBASE.NASL", "NEWSTART_CGSL_NS-SA-2019-0236_QT5-QTBASE.NASL", "NEWSTART_CGSL_NS-SA-2020-0040_QT5-QTIMAGEFORMATS.NASL", "NEWSTART_CGSL_NS-SA-2020-0042_QT5-QTSVG.NASL", "NEWSTART_CGSL_NS-SA-2020-0062_QT.NASL", "NEWSTART_CGSL_NS-SA-2020-0092_QT.NASL", "NEWSTART_CGSL_NS-SA-2020-0099_QT5-QTIMAGEFORMATS.NASL", "NEWSTART_CGSL_NS-SA-2020-0111_QT5-QTSVG.NASL", "OPENSUSE-2018-1592.NASL", "OPENSUSE-2019-1115.NASL", "OPENSUSE-2019-1116.NASL", "OPENSUSE-2019-1239.NASL", "OPENSUSE-2019-265.NASL", "OPENSUSE-2020-1452.NASL", "OPENSUSE-2020-1501.NASL", "REDHAT-RHSA-2019-2135.NASL", "REDHAT-RHSA-2019-3390.NASL", "REDHAT-RHSA-2020-1172.NASL", "REDHAT-RHSA-2020-1665.NASL", "SL_20190806_QT5_ON_SL7_X.NASL", "SL_20200407_QT_ON_SL7_X.NASL", "SUSE_SU-2018-4179-1.NASL", "SUSE_SU-2018-4183-1.NASL", "SUSE_SU-2018-4210-1.NASL", "SUSE_SU-2018-4294-1.NASL", "SUSE_SU-2019-0447-1.NASL", "SUSE_SU-2019-0705-1.NASL", "SUSE_SU-2019-0706-1.NASL", "SUSE_SU-2019-0927-1.NASL", "SUSE_SU-2020-0317-1.NASL", "SUSE_SU-2020-0318-1.NASL", "SUSE_SU-2020-0319-1.NASL", "SUSE_SU-2020-1021-1.NASL", "SUSE_SU-2020-2923-1.NASL", "SUSE_SU-2020-2924-1.NASL", "UBUNTU_USN-4003-1.NASL", "UBUNTU_USN-5241-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704374", "OPENVAS:1361412562310844032", "OPENVAS:1361412562310852212", "OPENVAS:1361412562310852320", "OPENVAS:1361412562310852364", "OPENVAS:1361412562310852375", "OPENVAS:1361412562310852441", "OPENVAS:1361412562310875598", "OPENVAS:1361412562310875611", "OPENVAS:1361412562310875631", "OPENVAS:1361412562310875722", "OPENVAS:1361412562310875725", "OPENVAS:1361412562310875765", "OPENVAS:1361412562310875800", "OPENVAS:1361412562310875803", "OPENVAS:1361412562310875813", "OPENVAS:1361412562310875838", "OPENVAS:1361412562310875857", "OPENVAS:1361412562310875996", "OPENVAS:1361412562310876022", "OPENVAS:1361412562310876024", "OPENVAS:1361412562310876085", "OPENVAS:1361412562310876109", "OPENVAS:1361412562310876122", "OPENVAS:1361412562310876127", "OPENVAS:1361412562310876196", "OPENVAS:1361412562310876242", "OPENVAS:1361412562310876288", "OPENVAS:1361412562310876308", "OPENVAS:1361412562310891627", "OPENVAS:1361412562310891786", "OPENVAS:1361412562311220191042", "OPENVAS:1361412562311220191057", "OPENVAS:1361412562311220191103", "OPENVAS:1361412562311220191688", "OPENVAS:1361412562311220191746", "OPENVAS:1361412562311220192012", "OPENVAS:1361412562311220192186", "OPENVAS:1361412562311220192301", "OPENVAS:1361412562311220192381", "OPENVAS:1361412562311220192656"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2135", "ELSA-2019-3390", "ELSA-2020-1172", "ELSA-2020-1665"]}, {"type": "osv", "idList": ["OSV:DLA-1627-1", "OSV:DLA-1786-1", "OSV:DLA-2377-1", "OSV:DLA-2422-1", "OSV:DSA-4374-1"]}, {"type": "qt", "idList": ["QT:CE083167141AA39DA6CB0209418EA74D"]}, {"type": "redhat", "idList": ["RHSA-2019:2135", "RHSA-2019:3390", "RHSA-2020:1172", "RHSA-2020:1665"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-15518", "RH:CVE-2018-19869", "RH:CVE-2018-19870", "RH:CVE-2018-19871", "RH:CVE-2018-19873"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4261-1", "OPENSUSE-SU-2019:0265-1", "OPENSUSE-SU-2019:1115-1", "OPENSUSE-SU-2019:1116-1", "OPENSUSE-SU-2019:1239-1", "OPENSUSE-SU-2020:1452-1", "OPENSUSE-SU-2020:1500-1", "OPENSUSE-SU-2020:1501-1", "OPENSUSE-SU-2020:1530-1"]}, {"type": "ubuntu", "idList": ["USN-4003-1", "USN-5241-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-15518", "UB:CVE-2018-19869", "UB:CVE-2018-19870", "UB:CVE-2018-19871", "UB:CVE-2018-19873"]}, {"type": "veracode", "idList": ["VERACODE:21813", "VERACODE:21814", "VERACODE:21815", "VERACODE:22870"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:1665"]}, {"type": "amazon", "idList": ["ALAS2-2020-1397", "ALAS2-2020-1458"]}, {"type": "centos", "idList": ["CESA-2019:2135"]}, {"type": "cve", "idList": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1627-1:B5712"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-15518", "DEBIANCVE:CVE-2018-19869", "DEBIANCVE:CVE-2018-19870", "DEBIANCVE:CVE-2018-19871", "DEBIANCVE:CVE-2018-19873"]}, {"type": "f5", "idList": ["F5:K42941419"]}, {"type": "fedora", "idList": ["FEDORA:07B9D62EF550", "FEDORA:07C0062F0D09", "FEDORA:1E12462E5266", "FEDORA:2210262E5266", "FEDORA:22A6962F0D2C", "FEDORA:3B35C62E2398", "FEDORA:3F03B62E4679", "FEDORA:4317D62E2398", "FEDORA:54A1762E5266", "FEDORA:5662C62E4679", "FEDORA:6FAE062E5288", "FEDORA:70BD062E4679", "FEDORA:88DE562EF550", "FEDORA:8D40F62E467E", "FEDORA:A32B862EF568", "FEDORA:A53B062E4679", "FEDORA:A713A62E5292", "FEDORA:BED7562E467E", "FEDORA:C24EA62F0D01", "FEDORA:C2AB262E2398", "FEDORA:DF56F62E5288", "FEDORA:E0C5D62E2398"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1627.NASL", "OPENSUSE-2018-1592.NASL", "SUSE_SU-2018-4179-1.NASL", "SUSE_SU-2018-4183-1.NASL", "SUSE_SU-2018-4210-1.NASL", "SUSE_SU-2018-4294-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844032", "OPENVAS:1361412562310852212", "OPENVAS:1361412562310891627"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2135"]}, {"type": "qt", "idList": ["QT:CE083167141AA39DA6CB0209418EA74D"]}, {"type": "redhat", "idList": ["RHSA-2020:1665"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-15518", "RH:CVE-2018-19869", "RH:CVE-2018-19870", "RH:CVE-2018-19871", "RH:CVE-2018-19873"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:4261-1"]}, {"type": "ubuntu", "idList": ["USN-4003-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-15518", "UB:CVE-2018-19869", "UB:CVE-2018-19870", "UB:CVE-2018-19871", "UB:CVE-2018-19873"]}]}, "exploitation": null, "vulnersScore": -0.3}, "pluginID": "124875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1786-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124875);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19873\");\n\n script_name(english:\"Debian DLA-1786-1 : qt4-x11 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple issues have been addressed in Qt4.\n\nCVE-2018-15518\n\nA double-free or corruption during parsing of a specially crafted\nillegal XML document.\n\nCVE-2018-19869\n\nA malformed SVG image could cause a segmentation fault in\nqsvghandler.cpp.\n\nCVE-2018-19870\n\nA malformed GIF image might have caused a NULL pointer dereference in\nQGifHandler resulting in a segmentation fault.\n\nCVE-2018-19871\n\nThere was an uncontrolled resource consumption in QTgaFile.\n\nCVE-2018-19873\n\nQBmpHandler had a buffer overflow via BMP data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2.\n\nWe recommend that you upgrade your qt4-x11 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qt4-x11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-particles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-phonon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-scripttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-ibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-svg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-webkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-webkit-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtdbus4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qdbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-bin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-linguist-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmlviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qtconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtcore4-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-assistant\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-core\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-dbus\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-declarative\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-declarative-folderlistmodel\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-declarative-gestures\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-declarative-particles\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-declarative-shaders\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-designer\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-designer-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-dev\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-dev-bin\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-gui\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-help\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-network\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-opengl\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-opengl-dev\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-phonon\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-private-dev\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-qt3support\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-qt3support-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-script\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-script-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-scripttools\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-ibase\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-mysql\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-odbc\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-psql\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-sqlite\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-sqlite2\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-sql-tds\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-svg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-test\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-webkit\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-webkit-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-xml\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-xmlpatterns\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt4-xmlpatterns-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqtcore4\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqtdbus4\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqtgui4\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qdbus\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-bin-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-default\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-demos\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-demos-dbg\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-designer\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-dev-tools\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-doc\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-doc-html\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-linguist-tools\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-qmake\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-qmlviewer\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt4-qtconfig\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtcore4-l10n\", reference:\"4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:libqt4-assistant", "p-cpe:/a:debian:debian_linux:libqt4-core", "p-cpe:/a:debian:debian_linux:libqt4-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dbus", "p-cpe:/a:debian:debian_linux:libqt4-declarative", "p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel", "p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures", "p-cpe:/a:debian:debian_linux:libqt4-declarative-particles", "p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders", "p-cpe:/a:debian:debian_linux:libqt4-designer", "p-cpe:/a:debian:debian_linux:libqt4-designer-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dev", "p-cpe:/a:debian:debian_linux:libqt4-dev-bin", "p-cpe:/a:debian:debian_linux:libqt4-gui", "p-cpe:/a:debian:debian_linux:libqt4-help", "p-cpe:/a:debian:debian_linux:libqt4-network", "p-cpe:/a:debian:debian_linux:libqt4-opengl", "p-cpe:/a:debian:debian_linux:libqt4-opengl-dev", "p-cpe:/a:debian:debian_linux:libqt4-phonon", "p-cpe:/a:debian:debian_linux:libqt4-private-dev", "p-cpe:/a:debian:debian_linux:libqt4-qt3support", "p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg", "p-cpe:/a:debian:debian_linux:libqt4-script", "p-cpe:/a:debian:debian_linux:libqt4-script-dbg", "p-cpe:/a:debian:debian_linux:libqt4-scripttools", "p-cpe:/a:debian:debian_linux:libqt4-sql", "p-cpe:/a:debian:debian_linux:libqt4-sql-ibase", "p-cpe:/a:debian:debian_linux:libqt4-sql-mysql", "p-cpe:/a:debian:debian_linux:libqt4-sql-odbc", "p-cpe:/a:debian:debian_linux:libqt4-sql-psql", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2", "p-cpe:/a:debian:debian_linux:libqt4-sql-tds", "p-cpe:/a:debian:debian_linux:libqt4-svg", "p-cpe:/a:debian:debian_linux:libqt4-test", "p-cpe:/a:debian:debian_linux:libqt4-webkit", "p-cpe:/a:debian:debian_linux:libqt4-webkit-dbg", "p-cpe:/a:debian:debian_linux:libqt4-xml", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg", "p-cpe:/a:debian:debian_linux:libqtcore4", "p-cpe:/a:debian:debian_linux:libqtdbus4", "p-cpe:/a:debian:debian_linux:libqtgui4", "p-cpe:/a:debian:debian_linux:qdbus", "p-cpe:/a:debian:debian_linux:qt4-bin-dbg", "p-cpe:/a:debian:debian_linux:qt4-default", "p-cpe:/a:debian:debian_linux:qt4-demos", "p-cpe:/a:debian:debian_linux:qt4-demos-dbg", "p-cpe:/a:debian:debian_linux:qt4-designer", "p-cpe:/a:debian:debian_linux:qt4-dev-tools", "p-cpe:/a:debian:debian_linux:qt4-doc", "p-cpe:/a:debian:debian_linux:qt4-doc-html", "p-cpe:/a:debian:debian_linux:qt4-linguist-tools", "p-cpe:/a:debian:debian_linux:qt4-qmake", "p-cpe:/a:debian:debian_linux:qt4-qmlviewer", "p-cpe:/a:debian:debian_linux:qt4-qtconfig", "p-cpe:/a:debian:debian_linux:qtcore4-l10n", "cpe:/o:debian:debian_linux:8.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-05-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-26T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1659998956, "score": 1659982289}, "_internal": {"score_hash": "1def6dc99cdfd2c0496e527d5dd41c69"}, "vendor_cvss2": {}, "vendor_cvss3": {}}

{"nessus": [{"lastseen": "2023-01-11T15:22:52", "description": "An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.\n\nThe following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ# 1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ# 1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ# 1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : qt5-qt3d / qt5-qtbase / qt5-qtcanvas3d / qt5-qtconnectivity / qt5-qtdeclarative / etc (CESA-2019:2135)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qt5-assistant", "p-cpe:/a:centos:centos:qt5-designer", "p-cpe:/a:centos:centos:qt5-doctools", "p-cpe:/a:centos:centos:qt5-linguist", "p-cpe:/a:centos:centos:qt5-qdbusviewer", "p-cpe:/a:centos:centos:qt5-qt3d", "p-cpe:/a:centos:centos:qt5-qt3d-devel", "p-cpe:/a:centos:centos:qt5-qt3d-doc", "p-cpe:/a:centos:centos:qt5-qt3d-examples", "p-cpe:/a:centos:centos:qt5-qtbase", "p-cpe:/a:centos:centos:qt5-qtbase-common", "p-cpe:/a:centos:centos:qt5-qtbase-devel", "p-cpe:/a:centos:centos:qt5-qtbase-doc", "p-cpe:/a:centos:centos:qt5-qtbase-examples", "p-cpe:/a:centos:centos:qt5-qtbase-gui", "p-cpe:/a:centos:centos:qt5-qtbase-mysql", "p-cpe:/a:centos:centos:qt5-qtbase-odbc", "p-cpe:/a:centos:centos:qt5-qtbase-postgresql", "p-cpe:/a:centos:centos:qt5-qtbase-static", "p-cpe:/a:centos:centos:qt5-qtcanvas3d", "p-cpe:/a:centos:centos:qt5-qtcanvas3d-doc", "p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples", "p-cpe:/a:centos:centos:qt5-qtconnectivity", "p-cpe:/a:centos:centos:qt5-qtconnectivity-devel", "p-cpe:/a:centos:centos:qt5-qtconnectivity-doc", "p-cpe:/a:centos:centos:qt5-qtconnectivity-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative", "p-cpe:/a:centos:centos:qt5-qtdeclarative-devel", "p-cpe:/a:centos:centos:qt5-qtdeclarative-doc", "p-cpe:/a:centos:centos:qt5-qtdeclarative-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative-static", "p-cpe:/a:centos:centos:qt5-qtdoc", "p-cpe:/a:centos:centos:qt5-qtgraphicaleffects", "p-cpe:/a:centos:centos:qt5-qtgraphicaleffects-doc", "p-cpe:/a:centos:centos:qt5-qtimageformats", "p-cpe:/a:centos:centos:qt5-qtimageformats-doc", "p-cpe:/a:centos:centos:qt5-qtlocation", "p-cpe:/a:centos:centos:qt5-qtlocation-devel", "p-cpe:/a:centos:centos:qt5-qtlocation-doc", "p-cpe:/a:centos:centos:qt5-qtlocation-examples", "p-cpe:/a:centos:centos:qt5-qtmultimedia", "p-cpe:/a:centos:centos:qt5-qtmultimedia-devel", "p-cpe:/a:centos:centos:qt5-qtmultimedia-doc", "p-cpe:/a:centos:centos:qt5-qtmultimedia-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols", "p-cpe:/a:centos:centos:qt5-qtquickcontrols-doc", "p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-doc", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples", "p-cpe:/a:centos:centos:qt5-qtscript", "p-cpe:/a:centos:centos:qt5-qtscript-devel", "p-cpe:/a:centos:centos:qt5-qtscript-doc", "p-cpe:/a:centos:centos:qt5-qtscript-examples", "p-cpe:/a:centos:centos:qt5-qtsensors", "p-cpe:/a:centos:centos:qt5-qtsensors-devel", "p-cpe:/a:centos:centos:qt5-qtsensors-doc", "p-cpe:/a:centos:centos:qt5-qtsensors-examples", "p-cpe:/a:centos:centos:qt5-qtserialbus", "p-cpe:/a:centos:centos:qt5-qtserialbus-devel", "p-cpe:/a:centos:centos:qt5-qtserialbus-doc", "p-cpe:/a:centos:centos:qt5-qtserialbus-examples", "p-cpe:/a:centos:centos:qt5-qtserialport", "p-cpe:/a:centos:centos:qt5-qtserialport-devel", "p-cpe:/a:centos:centos:qt5-qtserialport-doc", "p-cpe:/a:centos:centos:qt5-qtserialport-examples", "p-cpe:/a:centos:centos:qt5-qtsvg", "p-cpe:/a:centos:centos:qt5-qtsvg-devel", "p-cpe:/a:centos:centos:qt5-qtsvg-doc", "p-cpe:/a:centos:centos:qt5-qtsvg-examples", "p-cpe:/a:centos:centos:qt5-qttools", "p-cpe:/a:centos:centos:qt5-qttools-common", "p-cpe:/a:centos:centos:qt5-qttools-devel", "p-cpe:/a:centos:centos:qt5-qttools-doc", "p-cpe:/a:centos:centos:qt5-qttools-examples", "p-cpe:/a:centos:centos:qt5-qttools-libs-designer", "p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents", "p-cpe:/a:centos:centos:qt5-qttools-libs-help", "p-cpe:/a:centos:centos:qt5-qttools-static", "p-cpe:/a:centos:centos:qt5-qttranslations", "p-cpe:/a:centos:centos:qt5-qtwayland", "p-cpe:/a:centos:centos:qt5-qtwayland-devel", "p-cpe:/a:centos:centos:qt5-qtwayland-doc", "p-cpe:/a:centos:centos:qt5-qtwayland-examples", "p-cpe:/a:centos:centos:qt5-qtwebchannel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-devel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-doc", "p-cpe:/a:centos:centos:qt5-qtwebchannel-examples", "p-cpe:/a:centos:centos:qt5-qtwebsockets", "p-cpe:/a:centos:centos:qt5-qtwebsockets-devel", "p-cpe:/a:centos:centos:qt5-qtwebsockets-doc", "p-cpe:/a:centos:centos:qt5-qtwebsockets-examples", "p-cpe:/a:centos:centos:qt5-qtx11extras", "p-cpe:/a:centos:centos:qt5-qtx11extras-devel", "p-cpe:/a:centos:centos:qt5-qtx11extras-doc", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-doc", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples", "p-cpe:/a:centos:centos:qt5-rpm-macros", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2135.NASL", "href": "https://www.tenable.com/plugins/nessus/128359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2135 and \n# CentOS Errata and Security Advisory 2019:2135 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128359);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19873\");\n script_xref(name:\"RHSA\", value:\"2019:2135\");\n\n script_name(english:\"CentOS 7 : qt5-qt3d / qt5-qtbase / qt5-qtcanvas3d / qt5-qtconnectivity / qt5-qtdeclarative / etc (CESA-2019:2135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base\npackages contain base tools for string, xml, and network handling in\nQt.\n\nThe following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7),\nqt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc\n(5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7),\nqt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols\n(5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7),\nqt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport\n(5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations\n(5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7),\nqt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns\n(5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004,\nBZ#1564006, BZ# 1564007, BZ#1564008, BZ#1564009, BZ#1564010,\nBZ#1564011, BZ#1564012, BZ# 1564013, BZ#1564014, BZ#1564015,\nBZ#1564016, BZ#1564017, BZ#1564018, BZ# 1564019, BZ#1564020,\nBZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a\ndenial of service (CVE-2018-19869)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler\n(CVE-2018-19870)\n\n* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file\n(CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006082.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf56f728\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006083.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5727a200\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006084.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aabd21d6\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006085.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9330f2cf\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006086.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdf74c91\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d6c971b\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006088.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f86c2d09\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006089.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?454a41b6\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006090.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c1c5365\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006091.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3782cd4\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006092.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5623576d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006093.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7211c3a9\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006094.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57f30089\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006095.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26d7e0e8\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006096.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?105fea91\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006097.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3ad8483\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006098.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce89c712\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006099.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?edda3ff8\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c905578\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006101.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ddcd928\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdbd8efb\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06c1b723\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006109.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37932487\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006110.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?762704d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtgraphicaleffects-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtimageformats-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-assistant-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-designer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-doctools-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-linguist-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qdbusviewer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qt3d-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qt3d-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qt3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qt3d-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-common-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-devel-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-doc-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-examples-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-gui-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-mysql-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-odbc-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-postgresql-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtbase-static-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-static-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtdoc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtgraphicaleffects-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtgraphicaleffects-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtimageformats-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtimageformats-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtscript-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtscript-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtscript-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtscript-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-common-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designercomponents-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-help-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttools-static-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qttranslations-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt5-rpm-macros-5.9.7-2.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-assistant / qt5-designer / qt5-doctools / qt5-linguist / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:06", "description": "The following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7).\n\nSecurity Fix(es) :\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qt5 on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qt5-assistant", "p-cpe:/a:fermilab:scientific_linux:qt5-designer", "p-cpe:/a:fermilab:scientific_linux:qt5-doctools", "p-cpe:/a:fermilab:scientific_linux:qt5-linguist", "p-cpe:/a:fermilab:scientific_linux:qt5-qdbusviewer", "p-cpe:/a:fermilab:scientific_linux:qt5-qt3d", "p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-common", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-gui", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-mysql", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-odbc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-postgresql", "p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-static", "p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d", "p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity", "p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-static", "p-cpe:/a:fermilab:scientific_linux:qt5-qtdoc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects", "p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats", "p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation", "p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia", "p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtscript", "p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-common", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-designer", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-designercomponents", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-help", "p-cpe:/a:fermilab:scientific_linux:qt5-qttools-static", "p-cpe:/a:fermilab:scientific_linux:qt5-qttranslations", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras", "p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns", "p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-devel", "p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-doc", "p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-examples", "p-cpe:/a:fermilab:scientific_linux:qt5-rpm-macros", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_QT5_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128258", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128258);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19873\");\n\n script_name(english:\"Scientific Linux Security Update : qt5 on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7),\nqt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc\n(5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7),\nqt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols\n(5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7),\nqt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport\n(5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations\n(5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7),\nqt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns\n(5.9.7).\n\nSecurity Fix(es) :\n\n - qt5-qtbase: Double free in QXmlStreamReader\n (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference\n resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler\n (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion\n (CVE-2018-19871)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed\n BMP file (CVE-2018-19873)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=19876\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1d81f52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtgraphicaleffects-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtimageformats-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtx11extras-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-assistant-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-designer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-doctools-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-linguist-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qdbusviewer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qt3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtbase-common-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-common-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-debuginfo-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-devel-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-doc-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-examples-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-gui-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-mysql-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-odbc-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-postgresql-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-static-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtcanvas3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtconnectivity-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-static-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtdoc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtdoc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtgraphicaleffects-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtgraphicaleffects-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtgraphicaleffects-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtgraphicaleffects-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtimageformats-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtimageformats-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtimageformats-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtimageformats-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtlocation-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtmultimedia-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtmultimedia-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtquickcontrols-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtscript-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtsensors-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsensors-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtserialbus-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtserialport-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtsvg-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qttools-common-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-common-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qttools-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designer-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designercomponents-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-help-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttools-static-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qttranslations-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qttranslations-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtwayland-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtwebchannel-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtwebsockets-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtx11extras-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtx11extras-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-debuginfo-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-devel-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-qtxmlpatterns-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-doc-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-examples-5.9.7-1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt5-rpm-macros-5.9.7-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt5-rpm-macros-5.9.7-2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-assistant / qt5-designer / qt5-doctools / qt5-linguist / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:25", "description": "An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.\n\nThe following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ# 1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ# 1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ# 1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : qt5 (RHSA-2019:2135)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19873"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qt5-assistant", "p-cpe:/a:redhat:enterprise_linux:qt5-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-doctools", "p-cpe:/a:redhat:enterprise_linux:qt5-linguist", "p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdoc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects", "p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats", "p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qttranslations", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-doc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-rpm-macros", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2135.NASL", "href": "https://www.tenable.com/plugins/nessus/127679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2135. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127679);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19873\");\n script_xref(name:\"RHSA\", value:\"2019:2135\");\n\n script_name(english:\"RHEL 7 : qt5 (RHSA-2019:2135)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base\npackages contain base tools for string, xml, and network handling in\nQt.\n\nThe following packages have been upgraded to a later upstream version:\nqt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7),\nqt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc\n(5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7),\nqt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols\n(5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7),\nqt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport\n(5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations\n(5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7),\nqt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns\n(5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004,\nBZ#1564006, BZ# 1564007, BZ#1564008, BZ#1564009, BZ#1564010,\nBZ#1564011, BZ#1564012, BZ# 1564013, BZ#1564014, BZ#1564015,\nBZ#1564016, BZ#1564017, BZ#1564018, BZ# 1564019, BZ#1564020,\nBZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a\ndenial of service (CVE-2018-19869)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler\n(CVE-2018-19870)\n\n* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file\n(CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-15518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19873\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2135\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-assistant-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-assistant-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-designer-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-doctools-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-doctools-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-linguist-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-linguist-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qdbusviewer-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qdbusviewer-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qt3d-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qt3d-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qt3d-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qt3d-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qt3d-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qt3d-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-common-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-debuginfo-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-devel-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtbase-doc-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-doc-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtbase-examples-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtbase-examples-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-gui-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-mysql-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-odbc-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-postgresql-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtbase-static-5.9.7-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtcanvas3d-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtcanvas3d-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtcanvas3d-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtcanvas3d-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtcanvas3d-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtconnectivity-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtconnectivity-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtconnectivity-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtconnectivity-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtconnectivity-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtconnectivity-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtdeclarative-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtdeclarative-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtdeclarative-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtdeclarative-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtdeclarative-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtdeclarative-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtdeclarative-static-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtdoc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtgraphicaleffects-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtgraphicaleffects-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtgraphicaleffects-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtimageformats-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtimageformats-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtimageformats-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtlocation-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtlocation-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtlocation-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtlocation-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtlocation-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtlocation-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtmultimedia-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtmultimedia-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtmultimedia-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtmultimedia-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtmultimedia-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtquickcontrols-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtquickcontrols-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtquickcontrols-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtquickcontrols-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtquickcontrols2-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtquickcontrols2-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtquickcontrols2-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtquickcontrols2-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtquickcontrols2-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtquickcontrols2-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtscript-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtscript-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtscript-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtscript-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtscript-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtscript-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsensors-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsensors-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsensors-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsensors-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsensors-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialbus-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialbus-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialbus-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialbus-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtserialbus-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtserialbus-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialport-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialport-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialport-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtserialport-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtserialport-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtserialport-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsvg-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsvg-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsvg-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtsvg-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtsvg-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtsvg-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qttools-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qttools-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-common-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qttools-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qttools-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-libs-designer-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-libs-designercomponents-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-libs-help-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttools-static-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qttranslations-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"qt5-qtwayland-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"qt5-qtwayland-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"qt5-qtwayland-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwayland-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwayland-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebchannel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebchannel-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebchannel-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebchannel-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtwebchannel-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwebchannel-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebsockets-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebsockets-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebsockets-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtwebsockets-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtwebsockets-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtwebsockets-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtx11extras-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtx11extras-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtx11extras-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtx11extras-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtxmlpatterns-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtxmlpatterns-debuginfo-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtxmlpatterns-devel-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-qtxmlpatterns-doc-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"qt5-qtxmlpatterns-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qt5-qtxmlpatterns-examples-5.9.7-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt5-rpm-macros-5.9.7-2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-assistant / qt5-designer / qt5-doctools / qt5-linguist / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:09:44", "description": "* qt5-qtbase: Double free in QXmlStreamReader * qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp * qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service * qt5-qtbase: QImage allocation failure in qgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion * qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qt on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qt", "p-cpe:/a:fermilab:scientific_linux:qt-assistant", "p-cpe:/a:fermilab:scientific_linux:qt-config", "p-cpe:/a:fermilab:scientific_linux:qt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qt-demos", "p-cpe:/a:fermilab:scientific_linux:qt-devel", "p-cpe:/a:fermilab:scientific_linux:qt-devel-private", "p-cpe:/a:fermilab:scientific_linux:qt-doc", "p-cpe:/a:fermilab:scientific_linux:qt-examples", "p-cpe:/a:fermilab:scientific_linux:qt-mysql", "p-cpe:/a:fermilab:scientific_linux:qt-odbc", "p-cpe:/a:fermilab:scientific_linux:qt-postgresql", "p-cpe:/a:fermilab:scientific_linux:qt-qdbusviewer", "p-cpe:/a:fermilab:scientific_linux:qt-qvfb", "p-cpe:/a:fermilab:scientific_linux:qt-x11", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_QT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135834", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135834);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19872\", \"CVE-2018-19873\");\n\n script_name(english:\"Scientific Linux Security Update : qt on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* qt5-qtbase: Double free in QXmlStreamReader * qt: Malformed PPM\nimage causing division by zero and crash in qppmhandler.cpp *\nqt5-qtsvg: Invalid parsing of malformed url reference resulting in a\ndenial of service * qt5-qtbase: QImage allocation failure in\nqgifhandler * qt5-qtimageformats: QTgaFile CPU exhaustion *\nqt5-qtbase: QBmpHandler segmentation fault on malformed BMP file\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=11193\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2394a5e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-devel-private\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-qvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-assistant-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-config-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-debuginfo-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-demos-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-devel-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt-devel-private-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt-doc-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-examples-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-mysql-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-odbc-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-postgresql-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-qdbusviewer-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-qvfb-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-x11-4.8.7-8.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt / qt-assistant / qt-config / qt-debuginfo / qt-demos / qt-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:10:28", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1172 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : qt (CESA-2020:1172)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qt", "p-cpe:/a:centos:centos:qt-assistant", "p-cpe:/a:centos:centos:qt-config", "p-cpe:/a:centos:centos:qt-demos", "p-cpe:/a:centos:centos:qt-devel", "p-cpe:/a:centos:centos:qt-devel-private", "p-cpe:/a:centos:centos:qt-doc", "p-cpe:/a:centos:centos:qt-examples", "p-cpe:/a:centos:centos:qt-mysql", "p-cpe:/a:centos:centos:qt-odbc", "p-cpe:/a:centos:centos:qt-postgresql", "p-cpe:/a:centos:centos:qt-qdbusviewer", "p-cpe:/a:centos:centos:qt-qvfb", "p-cpe:/a:centos:centos:qt-x11", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/135349", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1172 and \n# CentOS Errata and Security Advisory 2020:1172 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135349);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19872\", \"CVE-2018-19873\");\n script_xref(name:\"RHSA\", value:\"2020:1172\");\n\n script_name(english:\"CentOS 7 : qt (CESA-2020:1172)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1172 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader\n (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference\n resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler\n (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion\n (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and\n crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed\n BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012582.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10286b0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-devel-private\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-qvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-assistant-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-config-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-demos-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-devel-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-devel-private-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-doc-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-examples-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-mysql-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-odbc-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-postgresql-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-qdbusviewer-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-qvfb-4.8.7-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-x11-4.8.7-8.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt / qt-assistant / qt-config / qt-demos / qt-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:16:36", "description": "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\nAn issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)\n\nAn issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.\n(CVE-2018-15518)\n\nAn issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)\n\nAn issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : qt (ALAS-2020-1458)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:qt", "p-cpe:/a:amazon:linux:qt-assistant", "p-cpe:/a:amazon:linux:qt-config", "p-cpe:/a:amazon:linux:qt-debuginfo", "p-cpe:/a:amazon:linux:qt-demos", "p-cpe:/a:amazon:linux:qt-devel", "p-cpe:/a:amazon:linux:qt-devel-private", "p-cpe:/a:amazon:linux:qt-doc", "p-cpe:/a:amazon:linux:qt-examples", "p-cpe:/a:amazon:linux:qt-mysql", "p-cpe:/a:amazon:linux:qt-odbc", "p-cpe:/a:amazon:linux:qt-postgresql", "p-cpe:/a:amazon:linux:qt-qdbusviewer", "p-cpe:/a:amazon:linux:qt-qvfb", "p-cpe:/a:amazon:linux:qt-x11", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1458.NASL", "href": "https://www.tenable.com/plugins/nessus/138624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1458.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138624);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19872\", \"CVE-2018-19873\");\n script_xref(name:\"ALAS\", value:\"2020-1458\");\n\n script_name(english:\"Amazon Linux 2 : qt (ALAS-2020-1458)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue was discovered in Qt before 5.11.3. A malformed SVG image\ncauses a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\nAn issue was discovered in Qt before 5.11.3. A malformed GIF image\ncauses a NULL pointer dereference in QGifHandler resulting in a\nsegmentation fault. (CVE-2018-19870)\n\nAn issue was discovered in Qt 5.11. A malformed PPM image causes a\ndivision by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption\nduring parsing of a specially crafted illegal XML document.\n(CVE-2018-15518)\n\nAn issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer\noverflow via BMP data. (CVE-2018-19873)\n\nAn issue was discovered in Qt before 5.11.3. There is QTgaFile\nUncontrolled Resource Consumption. (CVE-2018-19871)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1458.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update qt' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-devel-private\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-qvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"qt-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-assistant-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-config-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-debuginfo-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-demos-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-devel-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-devel-private-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-doc-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-examples-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-mysql-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-odbc-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-postgresql-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-qdbusviewer-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-qvfb-4.8.5-15.amzn2.0.4\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt-x11-4.8.5-15.amzn2.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt / qt-assistant / qt-config / qt-debuginfo / qt-demos / qt-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:10:29", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.\n (CVE-2018-19873)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Multiple Vulnerabilities (NS-SA-2020-0062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0062_QT.NASL", "href": "https://www.tenable.com/plugins/nessus/143909", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0062. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143909);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-15518\",\n \"CVE-2018-19869\",\n \"CVE-2018-19870\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\",\n \"CVE-2018-19873\"\n );\n script_bugtraq_id(106286, 106327, 106338);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : qt Multiple Vulnerabilities (NS-SA-2020-0062)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in\n qppmhandler.cpp. (CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in\n QGifHandler resulting in a segmentation fault. (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.\n (CVE-2018-19873)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted\n illegal XML document. (CVE-2018-15518)\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in\n qsvghandler.cpp. (CVE-2018-19869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qt packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'qt-4.8.7-8.el7',\n 'qt-assistant-4.8.7-8.el7',\n 'qt-config-4.8.7-8.el7',\n 'qt-debuginfo-4.8.7-8.el7',\n 'qt-demos-4.8.7-8.el7',\n 'qt-devel-4.8.7-8.el7',\n 'qt-devel-private-4.8.7-8.el7',\n 'qt-doc-4.8.7-8.el7',\n 'qt-examples-4.8.7-8.el7',\n 'qt-mysql-4.8.7-8.el7',\n 'qt-odbc-4.8.7-8.el7',\n 'qt-postgresql-4.8.7-8.el7',\n 'qt-qdbusviewer-4.8.7-8.el7',\n 'qt-qvfb-4.8.7-8.el7',\n 'qt-x11-4.8.7-8.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'qt-4.8.7-8.el7',\n 'qt-assistant-4.8.7-8.el7',\n 'qt-config-4.8.7-8.el7',\n 'qt-debuginfo-4.8.7-8.el7',\n 'qt-demos-4.8.7-8.el7',\n 'qt-devel-4.8.7-8.el7',\n 'qt-devel-private-4.8.7-8.el7',\n 'qt-doc-4.8.7-8.el7',\n 'qt-examples-4.8.7-8.el7',\n 'qt-mysql-4.8.7-8.el7',\n 'qt-odbc-4.8.7-8.el7',\n 'qt-postgresql-4.8.7-8.el7',\n 'qt-qdbusviewer-4.8.7-8.el7',\n 'qt-qvfb-4.8.7-8.el7',\n 'qt-x11-4.8.7-8.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qt');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:10:13", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.\n (CVE-2018-19873)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0092_QT.NASL", "href": "https://www.tenable.com/plugins/nessus/143935", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0092. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143935);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-15518\",\n \"CVE-2018-19869\",\n \"CVE-2018-19870\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\",\n \"CVE-2018-19873\"\n );\n script_bugtraq_id(106286, 106327, 106338);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : qt Multiple Vulnerabilities (NS-SA-2020-0092)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in\n qppmhandler.cpp. (CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in\n QGifHandler resulting in a segmentation fault. (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.\n (CVE-2018-19873)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted\n illegal XML document. (CVE-2018-15518)\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in\n qsvghandler.cpp. (CVE-2018-19869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0092\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qt packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'qt-4.8.7-8.el7',\n 'qt-assistant-4.8.7-8.el7',\n 'qt-config-4.8.7-8.el7',\n 'qt-debuginfo-4.8.7-8.el7',\n 'qt-demos-4.8.7-8.el7',\n 'qt-devel-4.8.7-8.el7',\n 'qt-devel-private-4.8.7-8.el7',\n 'qt-doc-4.8.7-8.el7',\n 'qt-examples-4.8.7-8.el7',\n 'qt-mysql-4.8.7-8.el7',\n 'qt-odbc-4.8.7-8.el7',\n 'qt-postgresql-4.8.7-8.el7',\n 'qt-qdbusviewer-4.8.7-8.el7',\n 'qt-qvfb-4.8.7-8.el7',\n 'qt-x11-4.8.7-8.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'qt-4.8.7-8.el7',\n 'qt-assistant-4.8.7-8.el7',\n 'qt-config-4.8.7-8.el7',\n 'qt-debuginfo-4.8.7-8.el7',\n 'qt-demos-4.8.7-8.el7',\n 'qt-devel-4.8.7-8.el7',\n 'qt-devel-private-4.8.7-8.el7',\n 'qt-doc-4.8.7-8.el7',\n 'qt-examples-4.8.7-8.el7',\n 'qt-mysql-4.8.7-8.el7',\n 'qt-odbc-4.8.7-8.el7',\n 'qt-postgresql-4.8.7-8.el7',\n 'qt-qdbusviewer-4.8.7-8.el7',\n 'qt-qvfb-4.8.7-8.el7',\n 'qt-x11-4.8.7-8.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qt');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:35:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1172 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T00:00:00", "type": "nessus", "title": "RHEL 7 : qt (RHSA-2020:1172)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-mysql:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-config:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-odbc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-postgresql:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-demos:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-x11:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-assistant:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-devel-private:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-qdbusviewer:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt-qvfb:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/135039", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1172. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135039);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-15518\",\n \"CVE-2018-19869\",\n \"CVE-2018-19870\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\",\n \"CVE-2018-19873\"\n );\n script_bugtraq_id(106286, 106327, 106338);\n script_xref(name:\"RHSA\", value:\"2020:1172\");\n\n script_name(english:\"RHEL 7 : qt (RHSA-2020:1172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1172 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-15518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1658996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1658998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1659000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1661460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1661465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1691636\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 369, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-devel-private\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-qvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-x11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'qt-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-assistant-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-assistant-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-config-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-config-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-demos-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-demos-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-devel-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-devel-private-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-doc-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-examples-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-examples-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-mysql-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-odbc-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-postgresql-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-qdbusviewer-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-qdbusviewer-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-qvfb-4.8.7-8.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-qvfb-4.8.7-8.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'qt-x11-4.8.7-8.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qt / qt-assistant / qt-config / qt-demos / qt-devel / qt-devel-private / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:19:38", "description": "Several vulnerabilities were fixed in qt4-x11, the legacy version of the Qt toolkit.\n\nCVE-2018-15518\n\nDouble-free or corruption in QXmlStreamReader during parsing of a specially crafted illegal XML document.\n\nCVE-2018-19869\n\nA malformed SVG image causes a segmentation fault.\n\nCVE-2018-19870\n\nA malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n\nCVE-2018-19871\n\nUncontrolled Resource Consumption in QTgaFile.\n\nCVE-2018-19872\n\nA malformed PPM image causes a crash.\n\nCVE-2018-19873\n\nQBmpHandler segfault on malformed BMP file.\n\nCVE-2020-17507\n\nBuffer over-read in the XBM parser.\n\nFor Debian 9 stretch, these problems have been fixed in version 4:4.8.7+dfsg-11+deb9u1.\n\nWe recommend that you upgrade your qt4-x11 packages.\n\nFor the detailed security status of qt4-x11 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/qt4-x11\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "Debian DLA-2377-1 : qt4-x11 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19870", "CVE-2018-19871", "CVE-2018-19872", "CVE-2018-19873", "CVE-2020-17507"], "modified": "2020-10-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libqt4-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dbus", "p-cpe:/a:debian:debian_linux:libqt4-declarative", "p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel", "p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures", "p-cpe:/a:debian:debian_linux:libqt4-declarative-particles", "p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders", "p-cpe:/a:debian:debian_linux:libqt4-designer", "p-cpe:/a:debian:debian_linux:libqt4-designer-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dev", "p-cpe:/a:debian:debian_linux:libqt4-dev-bin", "p-cpe:/a:debian:debian_linux:libqt4-help", "p-cpe:/a:debian:debian_linux:libqt4-network", "p-cpe:/a:debian:debian_linux:libqt4-opengl", "p-cpe:/a:debian:debian_linux:libqt4-opengl-dev", "p-cpe:/a:debian:debian_linux:libqt4-phonon", "p-cpe:/a:debian:debian_linux:libqt4-qt3support", "p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg", "p-cpe:/a:debian:debian_linux:libqt4-script", "p-cpe:/a:debian:debian_linux:libqt4-script-dbg", "p-cpe:/a:debian:debian_linux:libqt4-scripttools", "p-cpe:/a:debian:debian_linux:libqt4-sql", "p-cpe:/a:debian:debian_linux:libqt4-sql-ibase", "p-cpe:/a:debian:debian_linux:libqt4-sql-mysql", "p-cpe:/a:debian:debian_linux:libqt4-sql-odbc", "p-cpe:/a:debian:debian_linux:libqt4-sql-psql", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2", "p-cpe:/a:debian:debian_linux:libqt4-sql-tds", "p-cpe:/a:debian:debian_linux:libqt4-svg", "p-cpe:/a:debian:debian_linux:libqt4-test", "p-cpe:/a:debian:debian_linux:libqt4-xml", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg", "p-cpe:/a:debian:debian_linux:libqtcore4", "p-cpe:/a:debian:debian_linux:libqtdbus4", "p-cpe:/a:debian:debian_linux:libqtgui4", "p-cpe:/a:debian:debian_linux:qdbus", "p-cpe:/a:debian:debian_linux:qt4-bin-dbg", "p-cpe:/a:debian:debian_linux:qt4-default", "p-cpe:/a:debian:debian_linux:qt4-demos", "p-cpe:/a:debian:debian_linux:qt4-demos-dbg", "p-cpe:/a:debian:debian_linux:qt4-designer", "p-cpe:/a:debian:debian_linux:qt4-dev-tools", "p-cpe:/a:debian:debian_linux:qt4-doc", "p-cpe:/a:debian:debian_linux:qt4-doc-html", "p-cpe:/a:debian:debian_linux:qt4-linguist-tools", "p-cpe:/a:debian:debian_linux:qt4-qmake", "p-cpe:/a:debian:debian_linux:qt4-qmlviewer", "p-cpe:/a:debian:debian_linux:qt4-qtconfig", "p-cpe:/a:debian:debian_linux:qtcore4-l10n", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2377.NASL", "href": "https://www.tenable.com/plugins/nessus/140932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2377-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140932);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/05\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19870\", \"CVE-2018-19871\", \"CVE-2018-19872\", \"CVE-2018-19873\", \"CVE-2020-17507\");\n\n script_name(english:\"Debian DLA-2377-1 : qt4-x11 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were fixed in qt4-x11, the legacy version of\nthe Qt toolkit.\n\nCVE-2018-15518\n\nDouble-free or corruption in QXmlStreamReader during parsing of a\nspecially crafted illegal XML document.\n\nCVE-2018-19869\n\nA malformed SVG image causes a segmentation fault.\n\nCVE-2018-19870\n\nA malformed GIF image causes a NULL pointer dereference in QGifHandler\nresulting in a segmentation fault.\n\nCVE-2018-19871\n\nUncontrolled Resource Consumption in QTgaFile.\n\nCVE-2018-19872\n\nA malformed PPM image causes a crash.\n\nCVE-2018-19873\n\nQBmpHandler segfault on malformed BMP file.\n\nCVE-2020-17507\n\nBuffer over-read in the XBM parser.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4:4.8.7+dfsg-11+deb9u1.\n\nWe recommend that you upgrade your qt4-x11 packages.\n\nFor the detailed security status of qt4-x11 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/qt4-x11\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/qt4-x11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/qt4-x11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-particles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-phonon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-scripttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-ibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-svg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtdbus4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qdbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-bin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-linguist-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmlviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qtconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtcore4-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-dbus\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-declarative\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-declarative-folderlistmodel\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-declarative-gestures\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-declarative-particles\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-declarative-shaders\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-designer\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-designer-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-dev\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-dev-bin\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-help\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-network\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-opengl\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-opengl-dev\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-phonon\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-qt3support\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-qt3support-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-script\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-script-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-scripttools\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-ibase\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-mysql\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-odbc\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-psql\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-sqlite\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-sqlite2\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-sql-tds\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-svg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-test\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-xml\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-xmlpatterns\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt4-xmlpatterns-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqtcore4\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqtdbus4\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqtgui4\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qdbus\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-bin-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-default\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-demos\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-demos-dbg\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-designer\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-dev-tools\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-doc\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-doc-html\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-linguist-tools\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-qmake\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-qmlviewer\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt4-qtconfig\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtcore4-l10n\", reference:\"4:4.8.7+dfsg-11+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:46:05", "description": "Update to mingw-qt5-*-5.11.3, see http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-securit y-updates/ for details. Update to mingw-sip-4.19.13, see https://www.riverbankcomputing.com/static/Downloads/sip/ChangeLog for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "Fedora 29 : mingw-python-qt5 / mingw-qt5-qt3d / mingw-qt5-qtactiveqt / etc (2019-3c45bd2cc3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19871"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-python-qt5", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qt3d", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtactiveqt", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtcharts", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtdeclarative", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtgraphicaleffects", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtimageformats", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtlocation", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtmultimedia", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtquickcontrols", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtscript", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtsensors", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtserialport", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtsvg", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qttools", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qttranslations", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwebkit", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwebsockets", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwinextras", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtxmlpatterns", "p-cpe:/a:fedoraproject:fedora:mingw-sip", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-3C45BD2CC3.NASL", "href": "https://www.tenable.com/plugins/nessus/121444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3c45bd2cc3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121444);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19871\");\n script_xref(name:\"FEDORA\", value:\"2019-3c45bd2cc3\");\n\n script_name(english:\"Fedora 29 : mingw-python-qt5 / mingw-qt5-qt3d / mingw-qt5-qtactiveqt / etc (2019-3c45bd2cc3)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to mingw-qt5-*-5.11.3, see\nhttp://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-securit\ny-updates/ for details. Update to mingw-sip-4.19.13, see\nhttps://www.riverbankcomputing.com/static/Downloads/sip/ChangeLog for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n # http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98ae98d6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3c45bd2cc3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.riverbankcomputing.com/static/Downloads/sip/ChangeLog\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-python-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtactiveqt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtcharts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwebkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtwinextras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"mingw-python-qt5-5.11.3-2.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qt3d-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtactiveqt-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtbase-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtcharts-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtdeclarative-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtgraphicaleffects-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtimageformats-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtlocation-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtmultimedia-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtquickcontrols-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtscript-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtsensors-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtserialport-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtsvg-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qttools-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qttranslations-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtwebkit-5.9.4-0.8.gitbd0657f.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtwebsockets-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtwinextras-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-qt5-qtxmlpatterns-5.11.3-1.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"mingw-sip-4.19.13-2.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-python-qt5 / mingw-qt5-qt3d / mingw-qt5-qtactiveqt / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:33", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3390 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : qt5-qtbase (CESA-2019:3390)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:qt5-assistant", "p-cpe:/a:centos:centos:qt5-designer", "p-cpe:/a:centos:centos:qt5-doctools", "p-cpe:/a:centos:centos:qt5-linguist", "p-cpe:/a:centos:centos:qt5-qdbusviewer", "p-cpe:/a:centos:centos:qt5-qtbase", "p-cpe:/a:centos:centos:qt5-qtbase-common", "p-cpe:/a:centos:centos:qt5-qtbase-devel", "p-cpe:/a:centos:centos:qt5-qtbase-examples", "p-cpe:/a:centos:centos:qt5-qtbase-gui", "p-cpe:/a:centos:centos:qt5-qtbase-mysql", "p-cpe:/a:centos:centos:qt5-qtbase-odbc", "p-cpe:/a:centos:centos:qt5-qtbase-postgresql", "p-cpe:/a:centos:centos:qt5-qtbase-static", "p-cpe:/a:centos:centos:qt5-qttools", "p-cpe:/a:centos:centos:qt5-qttools-common", "p-cpe:/a:centos:centos:qt5-qttools-devel", "p-cpe:/a:centos:centos:qt5-qttools-examples", "p-cpe:/a:centos:centos:qt5-qttools-libs-designer", "p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents", "p-cpe:/a:centos:centos:qt5-qttools-libs-help", "p-cpe:/a:centos:centos:qt5-qttools-static"], "id": "CENTOS8_RHSA-2019-3390.NASL", "href": "https://www.tenable.com/plugins/nessus/145624", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3390. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145624);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_bugtraq_id(106286, 106327);\n script_xref(name:\"RHSA\", value:\"2019:3390\");\n\n script_name(english:\"CentOS 8 : qt5-qtbase (CESA-2019:3390)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3390 advisory.\n\n - qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n - qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n - qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3390\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'qt5-assistant-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.11.1-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.11.1-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.11.1-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.11.1-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qt5-assistant / qt5-designer / qt5-doctools / qt5-linguist / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:47:09", "description": "Multiple issues were fixed in Qt.\n\nCVE-2018-15518 A double-free or corruption during parsing of a specially crafted illegal XML document.\n\nCVE-2018-19870 A malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n\nCVE-2018-19873 QBmpHandler had a buffer overflow via BMP data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.3.2+dfsg-4+deb8u3.\n\nWe recommend that you upgrade your qtbase-opensource-src packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-07T00:00:00", "type": "nessus", "title": "Debian DLA-1627-1 : qtbase-opensource-src security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libqt5concurrent5", "p-cpe:/a:debian:debian_linux:libqt5core5a", "p-cpe:/a:debian:debian_linux:libqt5dbus5", "p-cpe:/a:debian:debian_linux:libqt5gui5", "p-cpe:/a:debian:debian_linux:libqt5network5", "p-cpe:/a:debian:debian_linux:libqt5opengl5", "p-cpe:/a:debian:debian_linux:libqt5opengl5-dev", "p-cpe:/a:debian:debian_linux:libqt5printsupport5", "p-cpe:/a:debian:debian_linux:libqt5sql5", "p-cpe:/a:debian:debian_linux:libqt5sql5-mysql", "p-cpe:/a:debian:debian_linux:libqt5sql5-odbc", "p-cpe:/a:debian:debian_linux:libqt5sql5-psql", "p-cpe:/a:debian:debian_linux:libqt5sql5-sqlite", "p-cpe:/a:debian:debian_linux:libqt5sql5-tds", "p-cpe:/a:debian:debian_linux:libqt5test5", "p-cpe:/a:debian:debian_linux:libqt5widgets5", "p-cpe:/a:debian:debian_linux:libqt5xml5", "p-cpe:/a:debian:debian_linux:qt5-default", "p-cpe:/a:debian:debian_linux:qt5-qmake", "p-cpe:/a:debian:debian_linux:qtbase5-dbg", "p-cpe:/a:debian:debian_linux:qtbase5-dev", "p-cpe:/a:debian:debian_linux:qtbase5-dev-tools", "p-cpe:/a:debian:debian_linux:qtbase5-dev-tools-dbg", "p-cpe:/a:debian:debian_linux:qtbase5-doc-html", "p-cpe:/a:debian:debian_linux:qtbase5-examples", "p-cpe:/a:debian:debian_linux:qtbase5-examples-dbg", "p-cpe:/a:debian:debian_linux:qtbase5-private-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1627.NASL", "href": "https://www.tenable.com/plugins/nessus/120960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1627-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120960);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n\n script_name(english:\"Debian DLA-1627-1 : qtbase-opensource-src security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple issues were fixed in Qt.\n\nCVE-2018-15518 A double-free or corruption during parsing of a\nspecially crafted illegal XML document.\n\nCVE-2018-19870 A malformed GIF image might have caused a NULL pointer\ndereference in QGifHandler resulting in a segmentation fault.\n\nCVE-2018-19873 QBmpHandler had a buffer overflow via BMP data.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.3.2+dfsg-4+deb8u3.\n\nWe recommend that you upgrade your qtbase-opensource-src packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qtbase-opensource-src\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5core5a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5dbus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5opengl5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5opengl5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5printsupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5sql5-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt5-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt5-qmake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-dev-tools-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-examples-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase5-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libqt5concurrent5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5core5a\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5dbus5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5gui5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5network5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5opengl5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5opengl5-dev\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5printsupport5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5-mysql\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5-odbc\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5-psql\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5-sqlite\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5sql5-tds\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5test5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5widgets5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libqt5xml5\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt5-default\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qt5-qmake\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-dbg\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-dev\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-dev-tools\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-dev-tools-dbg\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-doc-html\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-examples\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-examples-dbg\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qtbase5-private-dev\", reference:\"5.3.2+dfsg-4+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:31", "description": "Several issues were discovered in qtbase-opensource-src, a cross-platform C++ application framework, which could lead to denial-of-service via application crash. Additionally, this update fixes a problem affecting vlc, where it would start without a GUI.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-29T00:00:00", "type": "nessus", "title": "Debian DSA-4374-1 : qtbase-opensource-src - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qtbase-opensource-src", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4374.NASL", "href": "https://www.tenable.com/plugins/nessus/121426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4374. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121426);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_xref(name:\"DSA\", value:\"4374\");\n\n script_name(english:\"Debian DSA-4374-1 : qtbase-opensource-src - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues were discovered in qtbase-opensource-src, a\ncross-platform C++ application framework, which could lead to\ndenial-of-service via application crash. Additionally, this update\nfixes a problem affecting vlc, where it would start without a GUI.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907139\"\n );\n # https://security-tracker.debian.org/tracker/source-package/qtbase-opensource-src\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?daec893f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/qtbase-opensource-src\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4374\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qtbase-opensource-src packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 5.7.1+dfsg-3+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtbase-opensource-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libqt5concurrent5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5core5a\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5dbus5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5gui5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5network5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5opengl5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5opengl5-dev\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5printsupport5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-ibase\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-mysql\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-odbc\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-psql\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-sqlite\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5sql5-tds\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5test5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5widgets5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libqt5xml5\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt5-default\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt5-gtk-platformtheme\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qt5-qmake\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-dev\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-dev-tools\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-doc\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-doc-html\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-examples\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qtbase5-private-dev\", reference:\"5.7.1+dfsg-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:32:35", "description": "An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : qt5-qtbase (RHSA-2019:3390)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qt5-assistant", "p-cpe:/a:redhat:enterprise_linux:qt5-assistant-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-designer-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-doctools", "p-cpe:/a:redhat:enterprise_linux:qt5-doctools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-linguist", "p-cpe:/a:redhat:enterprise_linux:qt5-linguist-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer", "p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debugsource", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-tests-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debugsource", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-tests-debuginfo", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3390.NASL", "href": "https://www.tenable.com/plugins/nessus/130533", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3390. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130533);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_xref(name:\"RHSA\", value:\"2019:3390\");\n\n script_name(english:\"RHEL 8 : qt5-qtbase (RHSA-2019:3390)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for qt5-qtbase is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nQt is a software toolkit for developing applications. The qt5-base\npackages contain base tools for string, xml, and network handling in\nQt.\n\nSecurity Fix(es) :\n\n* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)\n\n* qt5-qtbase: QImage allocation failure in qgifhandler\n(CVE-2018-19870)\n\n* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file\n(CVE-2018-19873)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-15518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19873\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-assistant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-designer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-doctools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3390\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-assistant-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-assistant-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-assistant-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-assistant-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-assistant-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-assistant-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-designer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-designer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-doctools-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-doctools-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-doctools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-doctools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-doctools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-doctools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-linguist-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-linguist-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-linguist-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-linguist-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-linguist-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-linguist-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qdbusviewer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qdbusviewer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qdbusviewer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qdbusviewer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qdbusviewer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qdbusviewer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"qt5-qtbase-common-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-debugsource-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-debugsource-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-debugsource-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-debugsource-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-devel-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-devel-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-devel-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-devel-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-devel-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-devel-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-devel-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-examples-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-examples-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-examples-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-examples-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-examples-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-examples-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-examples-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-gui-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-gui-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-gui-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-gui-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-gui-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-gui-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-gui-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-mysql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-mysql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-mysql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-mysql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-mysql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-mysql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-mysql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-odbc-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-odbc-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-odbc-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-odbc-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-odbc-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-odbc-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-odbc-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-postgresql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-postgresql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-postgresql-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-postgresql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-postgresql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-postgresql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-postgresql-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-static-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-static-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-static-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-static-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qtbase-tests-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qtbase-tests-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qtbase-tests-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qtbase-tests-debuginfo-5.11.1-7.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", reference:\"qt5-qttools-common-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-debugsource-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-debugsource-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-debugsource-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-debugsource-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-devel-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-devel-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-devel-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-devel-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-devel-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-devel-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-devel-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-examples-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-examples-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-examples-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-examples-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-examples-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-examples-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-examples-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-designer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-designer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designer-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-libs-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designer-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-designercomponents-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-designercomponents-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designercomponents-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-libs-designercomponents-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-designercomponents-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-designercomponents-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-designercomponents-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-help-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-help-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-help-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-libs-help-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-libs-help-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-libs-help-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-libs-help-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-static-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-static-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-static-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-static-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"aarch64\", reference:\"qt5-qttools-tests-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"qt5-qttools-tests-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"qt5-qttools-tests-debuginfo-5.11.1-9.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"qt5-qttools-tests-debuginfo-5.11.1-9.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-assistant / qt5-assistant-debuginfo / qt5-designer / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:33:52", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt5-qtbase packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-02T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0217)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0217_QT5-QTBASE.NASL", "href": "https://www.tenable.com/plugins/nessus/131414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0217. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131414);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_bugtraq_id(106286, 106327);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0217)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt5-qtbase packages installed that are\naffected by multiple vulnerabilities:\n\n - An issue was discovered in Qt before 5.11.3. A malformed\n GIF image causes a NULL pointer dereference in\n QGifHandler resulting in a segmentation fault.\n (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler\n has a buffer overflow via BMP data. (CVE-2018-19873)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted illegal\n XML document. (CVE-2018-15518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0217\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qt5-qtbase packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"qt5-qtbase-5.9.7-2.el7\",\n \"qt5-qtbase-common-5.9.7-2.el7\",\n \"qt5-qtbase-debuginfo-5.9.7-2.el7\",\n \"qt5-qtbase-devel-5.9.7-2.el7\",\n \"qt5-qtbase-doc-5.9.7-2.el7\",\n \"qt5-qtbase-examples-5.9.7-2.el7\",\n \"qt5-qtbase-gui-5.9.7-2.el7\",\n \"qt5-qtbase-mysql-5.9.7-2.el7\",\n \"qt5-qtbase-odbc-5.9.7-2.el7\",\n \"qt5-qtbase-postgresql-5.9.7-2.el7\",\n \"qt5-qtbase-static-5.9.7-2.el7\",\n \"qt5-rpm-macros-5.9.7-2.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"qt5-qtbase-5.9.7-2.el7\",\n \"qt5-qtbase-common-5.9.7-2.el7\",\n \"qt5-qtbase-debuginfo-5.9.7-2.el7\",\n \"qt5-qtbase-devel-5.9.7-2.el7\",\n \"qt5-qtbase-doc-5.9.7-2.el7\",\n \"qt5-qtbase-examples-5.9.7-2.el7\",\n \"qt5-qtbase-gui-5.9.7-2.el7\",\n \"qt5-qtbase-mysql-5.9.7-2.el7\",\n \"qt5-qtbase-odbc-5.9.7-2.el7\",\n \"qt5-qtbase-postgresql-5.9.7-2.el7\",\n \"qt5-qtbase-static-5.9.7-2.el7\",\n \"qt5-rpm-macros-5.9.7-2.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:30", "description": "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.(CVE-2018-19870)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.\n(CVE-2018-15518)\n\nAn issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : qt5-qtbase (ALAS-2020-1397)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2020-03-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:qt5-qtbase", "p-cpe:/a:amazon:linux:qt5-qtbase-common", "p-cpe:/a:amazon:linux:qt5-qtbase-debuginfo", "p-cpe:/a:amazon:linux:qt5-qtbase-devel", "p-cpe:/a:amazon:linux:qt5-qtbase-doc", "p-cpe:/a:amazon:linux:qt5-qtbase-examples", "p-cpe:/a:amazon:linux:qt5-qtbase-gui", "p-cpe:/a:amazon:linux:qt5-qtbase-mysql", "p-cpe:/a:amazon:linux:qt5-qtbase-odbc", "p-cpe:/a:amazon:linux:qt5-qtbase-postgresql", "p-cpe:/a:amazon:linux:qt5-qtbase-static", "p-cpe:/a:amazon:linux:qt5-rpm-macros", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1397.NASL", "href": "https://www.tenable.com/plugins/nessus/134117", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1397.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134117);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_xref(name:\"ALAS\", value:\"2020-1397\");\n\n script_name(english:\"Amazon Linux 2 : qt5-qtbase (ALAS-2020-1397)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An issue was discovered in Qt before 5.11.3. A malformed GIF image\ncauses a NULL pointer dereference in QGifHandler resulting in a\nsegmentation fault.(CVE-2018-19870)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption\nduring parsing of a specially crafted illegal XML document.\n(CVE-2018-15518)\n\nAn issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer\noverflow via BMP data. (CVE-2018-19873)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1397.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update qt5-qtbase' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-common-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-debuginfo-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-devel-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-doc-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-examples-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-gui-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-mysql-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-odbc-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-postgresql-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-qtbase-static-5.9.2-3.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"qt5-rpm-macros-5.9.2-3.amzn2.0.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtbase / qt5-qtbase-common / qt5-qtbase-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:51:35", "description": "It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-15518)\n\nIt was discovered that Qt incorrectly handled certain GIF images. A remote attacker could use this issue with a specially crafted GIF image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19870)\n\nIt was discovered that Qt incorrectly handled certain BMP images. A remote attacker could use this issue with a specially crafted BMP image to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-19873).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : qtbase-opensource-src vulnerabilities (USN-4003-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libqt5core5a", "p-cpe:/a:canonical:ubuntu_linux:libqt5gui5", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-4003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125705", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4003-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125705);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_xref(name:\"USN\", value:\"4003-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : qtbase-opensource-src vulnerabilities (USN-4003-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Qt incorrectly handled certain XML documents. A\nremote attacker could use this issue with a specially crafted XML\ndocument to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2018-15518)\n\nIt was discovered that Qt incorrectly handled certain GIF images. A\nremote attacker could use this issue with a specially crafted GIF\nimage to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2018-19870)\n\nIt was discovered that Qt incorrectly handled certain BMP images. A\nremote attacker could use this issue with a specially crafted BMP\nimage to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2018-19873).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4003-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libqt5core5a and / or libqt5gui5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5core5a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libqt5core5a\", pkgver:\"5.5.1+dfsg-16ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libqt5gui5\", pkgver:\"5.5.1+dfsg-16ubuntu7.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libqt5core5a\", pkgver:\"5.9.5+dfsg-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libqt5gui5\", pkgver:\"5.9.5+dfsg-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libqt5core5a\", pkgver:\"5.11.1+dfsg-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libqt5gui5\", pkgver:\"5.11.1+dfsg-7ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5core5a / libqt5gui5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-12T15:31:33", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtbase packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.\n (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. (CVE-2018-19873)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. (CVE-2018-15518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0236)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0236_QT5-QTBASE.NASL", "href": "https://www.tenable.com/plugins/nessus/132494", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0236. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132494);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19870\", \"CVE-2018-19873\");\n script_bugtraq_id(106286, 106327);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0236)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtbase packages installed that are\naffected by multiple vulnerabilities:\n\n - An issue was discovered in Qt before 5.11.3. A malformed\n GIF image causes a NULL pointer dereference in\n QGifHandler resulting in a segmentation fault.\n (CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3. QBmpHandler\n has a buffer overflow via BMP data. (CVE-2018-19873)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted illegal\n XML document. (CVE-2018-15518)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0236\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL qt5-qtbase packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19873\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"qt5-qtbase-5.9.7-2.el7\",\n \"qt5-qtbase-common-5.9.7-2.el7\",\n \"qt5-qtbase-debuginfo-5.9.7-2.el7\",\n \"qt5-qtbase-devel-5.9.7-2.el7\",\n \"qt5-qtbase-doc-5.9.7-2.el7\",\n \"qt5-qtbase-examples-5.9.7-2.el7\",\n \"qt5-qtbase-gui-5.9.7-2.el7\",\n \"qt5-qtbase-mysql-5.9.7-2.el7\",\n \"qt5-qtbase-odbc-5.9.7-2.el7\",\n \"qt5-qtbase-postgresql-5.9.7-2.el7\",\n \"qt5-qtbase-static-5.9.7-2.el7\",\n \"qt5-rpm-macros-5.9.7-2.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"qt5-qtbase-5.9.7-2.el7\",\n \"qt5-qtbase-common-5.9.7-2.el7\",\n \"qt5-qtbase-debuginfo-5.9.7-2.el7\",\n \"qt5-qtbase-devel-5.9.7-2.el7\",\n \"qt5-qtbase-doc-5.9.7-2.el7\",\n \"qt5-qtbase-examples-5.9.7-2.el7\",\n \"qt5-qtbase-gui-5.9.7-2.el7\",\n \"qt5-qtbase-mysql-5.9.7-2.el7\",\n \"qt5-qtbase-odbc-5.9.7-2.el7\",\n \"qt5-qtbase-postgresql-5.9.7-2.el7\",\n \"qt5-qtbase-static-5.9.7-2.el7\",\n \"qt5-rpm-macros-5.9.7-2.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:12:09", "description": "This update for libqt4 fixes the following issues :\n\nCVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed a segmantation fault via a malformed BMP file (bsc#1118596).\n\nCVE-2018-19869: Fixed an improper checking which might lead to a crach via a malformed url reference (bsc#1118599).\n\nAdded stricter toplevel asm parsing by dropping volatile qualification that has no effect (bsc#1121214).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libqt4 (SUSE-SU-2020:1021-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19873"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libqt4", "p-cpe:/a:novell:suse_linux:libqt4-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-debugsource", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:suse_linux:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql", "p-cpe:/a:novell:suse_linux:libqt4-sql-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-x11", "p-cpe:/a:novell:suse_linux:libqt4-x11-debuginfo", "p-cpe:/a:novell:suse_linux:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:qt4-x11-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1021-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1021-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135753);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLES12 Security Update : libqt4 (SUSE-SU-2020:1021-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libqt4 fixes the following issues :\n\nCVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed a segmantation fault via a malformed BMP file\n(bsc#1118596).\n\nCVE-2018-19869: Fixed an improper checking which might lead to a crach\nvia a malformed url reference (bsc#1118599).\n\nAdded stricter toplevel asm parsing by dropping volatile qualification\nthat has no effect (bsc#1121214).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19869/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201021-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7eaaa4b3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2020-1021=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2020-1021=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-1021=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-1021=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-1021=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-1021=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-devel-doc-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-devel-doc-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-qt3support-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-qt3support-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-qt3support-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-mysql-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-mysql-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-plugins-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-sqlite-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-x11-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-x11-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-x11-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt4-x11-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qt4-x11-tools-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"qt4-x11-tools-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-devel-doc-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-devel-doc-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-qt3support-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-qt3support-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-qt3support-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-mysql-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-mysql-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-plugins-debugsource-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-sqlite-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-x11-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-x11-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-x11-debuginfo-32bit-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libqt4-x11-debuginfo-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"qt4-x11-tools-4.8.7-8.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"qt4-x11-tools-debuginfo-4.8.7-8.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:28:07", "description": "This update for libqt4 fixes the following issues :\n\n - Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)\n\n - Fix 'double free or corruption' in QXmlStreamReader (boo#1118595, CVE-2018-15518)\n\n - Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873)\n\n - Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-2020-1452)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19873", "CVE-2020-17507"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-linguist", "p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1452.NASL", "href": "https://www.tenable.com/plugins/nessus/140682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1452.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140682);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19873\", \"CVE-2020-17507\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-2020-1452)\");\n script_summary(english:\"Check for the openSUSE-2020-1452 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libqt4 fixes the following issues :\n\n - Fix buffer over-read in read_xbm_body (boo#1176315,\n CVE-2020-17507)\n\n - Fix 'double free or corruption' in QXmlStreamReader\n (boo#1118595, CVE-2018-15518)\n\n - Fix QBmpHandler segfault on malformed BMP file\n boo#1118596, CVE-2018-19873)\n\n - Fix crash when parsing malformed url reference\n (boo#1118599, CVE-2018-19869)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176315\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-debugsource-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-devel-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-devel-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-devel-doc-data-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-linguist-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-linguist-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-private-headers-devel-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-qt3support-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-qt3support-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-sql-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-sql-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-sql-sqlite-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-x11-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libqt4-x11-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-devel-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-devel-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-devel-doc-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-devel-doc-debugsource-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-plugins-debugsource-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"qt4-x11-tools-4.8.7-lp151.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"qt4-x11-tools-debuginfo-4.8.7-lp151.9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:28:06", "description": "This update for libqt4 fixes the following issues :\n\n - Fix buffer over-read in read_xbm_body (boo#1176315, CVE-2020-17507)\n\n - Fix 'double free or corruption' in QXmlStreamReader (boo#1118595, CVE-2018-15518)\n\n - Fix QBmpHandler segfault on malformed BMP file boo#1118596, CVE-2018-19873)\n\n - Fix crash when parsing malformed url reference (boo#1118599, CVE-2018-19869)\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-2020-1501)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19869", "CVE-2018-19873", "CVE-2020-17507"], "modified": "2020-09-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-linguist", "p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1501.NASL", "href": "https://www.tenable.com/plugins/nessus/140743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1501.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140743);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19869\", \"CVE-2018-19873\", \"CVE-2020-17507\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-2020-1501)\");\n script_summary(english:\"Check for the openSUSE-2020-1501 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libqt4 fixes the following issues :\n\n - Fix buffer over-read in read_xbm_body (boo#1176315,\n CVE-2020-17507)\n\n - Fix 'double free or corruption' in QXmlStreamReader\n (boo#1118595, CVE-2018-15518)\n\n - Fix QBmpHandler segfault on malformed BMP file\n boo#1118596, CVE-2018-19873)\n\n - Fix crash when parsing malformed url reference\n (boo#1118599, CVE-2018-19869)\n\nThis update was imported from the openSUSE:Leap:15.1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176315\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-debugsource-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-devel-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-devel-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-devel-doc-data-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-linguist-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-linguist-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-private-headers-devel-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-qt3support-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-qt3support-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-sql-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-sql-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-sql-sqlite-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-x11-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libqt4-x11-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-devel-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-devel-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-devel-doc-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-devel-doc-debugsource-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-plugins-debugsource-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"qt4-x11-tools-4.8.7-lp152.10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"qt4-x11-tools-debuginfo-4.8.7-lp152.10.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:02", "description": "According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-1057)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qt", "p-cpe:/a:huawei:euleros:qt-devel", "p-cpe:/a:huawei:euleros:qt-mysql", "p-cpe:/a:huawei:euleros:qt-odbc", "p-cpe:/a:huawei:euleros:qt-postgresql", "p-cpe:/a:huawei:euleros:qt-x11", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1057.NASL", "href": "https://www.tenable.com/plugins/nessus/122384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122384);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19870\",\n \"CVE-2018-19873\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-1057)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A\n malformed GIF image causes a NULL pointer dereference\n in QGifHandler resulting in a segmentation\n fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP\n data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1057\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26452313\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-12.h2\",\n \"qt-devel-4.8.5-12.h2\",\n \"qt-mysql-4.8.5-12.h2\",\n \"qt-odbc-4.8.5-12.h2\",\n \"qt-postgresql-4.8.5-12.h2\",\n \"qt-x11-4.8.5-12.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:26", "description": "According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-1103)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qt", "p-cpe:/a:huawei:euleros:qt-devel", "p-cpe:/a:huawei:euleros:qt-mysql", "p-cpe:/a:huawei:euleros:qt-odbc", "p-cpe:/a:huawei:euleros:qt-postgresql", "p-cpe:/a:huawei:euleros:qt-x11", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1103.NASL", "href": "https://www.tenable.com/plugins/nessus/123116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123116);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19870\",\n \"CVE-2018-19873\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-1103)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A\n malformed GIF image causes a NULL pointer dereference\n in QGifHandler resulting in a segmentation\n fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP\n data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1103\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38d8a337\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-13.h2\",\n \"qt-devel-4.8.5-13.h2\",\n \"qt-mysql-4.8.5-13.h2\",\n \"qt-odbc-4.8.5-13.h2\",\n \"qt-postgresql-4.8.5-13.h2\",\n \"qt-x11-4.8.5-13.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:03", "description": "According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : qt (EulerOS-SA-2019-1042)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19870", "CVE-2018-19873"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qt", "p-cpe:/a:huawei:euleros:qt-devel", "p-cpe:/a:huawei:euleros:qt-mysql", "p-cpe:/a:huawei:euleros:qt-odbc", "p-cpe:/a:huawei:euleros:qt-postgresql", "p-cpe:/a:huawei:euleros:qt-x11", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1042.NASL", "href": "https://www.tenable.com/plugins/nessus/122215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122215);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19870\",\n \"CVE-2018-19873\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : qt (EulerOS-SA-2019-1042)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Qt before 5.11.3. A\n malformed GIF image causes a NULL pointer dereference\n in QGifHandler resulting in a segmentation\n fault.(CVE-2018-19870)\n\n - An issue was discovered in Qt before 5.11.3.\n QBmpHandler has a buffer overflow via BMP\n data.(CVE-2018-19873)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1042\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?18372483\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.7-2.h2.eulerosv2r7\",\n \"qt-devel-4.8.7-2.h2.eulerosv2r7\",\n \"qt-mysql-4.8.7-2.h2.eulerosv2r7\",\n \"qt-odbc-4.8.7-2.h2.eulerosv2r7\",\n \"qt-postgresql-4.8.7-2.h2.eulerosv2r7\",\n \"qt-x11-4.8.7-2.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:26", "description": "This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-31T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4294-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2020-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-4294-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4294-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119954);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/23\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4294-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in\nQBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184294-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afa06297\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-3065=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Core5-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Core5-debuginfo-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5DBus5-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5DBus5-debuginfo-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Gui5-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Gui5-debuginfo-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Widgets5-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Widgets5-debuginfo-5.3.1-4.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt5-qtbase-debugsource-5.3.1-4.7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:52", "description": "This update for libqt5-qtbase provides the following fixes :\n\nSecurity issues fixed :\n\n - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\n - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNon-security issues fixed :\n\n - Fix dynamic loading of libGL. (bsc#1099874)\n\n - Make sure printer settings are properly remembered.\n (bsc#1096328)\n\n - Add patch to fix fails to load pixmap cursors on XRender less system (bsc#1108889)\n\n - Fix krita pop-up palette not working properly (bsc#1120639)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt5-qtbase (openSUSE-2019-265)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core-devel", "p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Core5", "p-cpe:/a:novell:opensuse:libQt5Core5-32bit", "p-cpe:/a:novell:opensuse:libQt5Core5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-devel", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DBus5", "p-cpe:/a:novell:opensuse:libQt5DBus5-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui-devel", "p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5KmsSupport-devel-static", "p-cpe:/a:novell:opensuse:libQt5KmsSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Network-devel", "p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Network5", "p-cpe:/a:novell:opensuse:libQt5Network5-32bit", "p-cpe:/a:novell:opensuse:libQt5Network5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL5", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql-devel", "p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test-devel", "p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Test5", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml-devel", "p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5", "p-cpe:/a:novell:opensuse:libQt5Xml5-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk3", "p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk3-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-265.NASL", "href": "https://www.tenable.com/plugins/nessus/122498", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-265.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122498);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"openSUSE Security Update : libqt5-qtbase (openSUSE-2019-265)\");\n script_summary(english:\"Check for the openSUSE-2019-265 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libqt5-qtbase provides the following fixes :\n\nSecurity issues fixed :\n\n - CVE-2018-15518: Fixed double free in QXmlStreamReader\n (bsc#1118595)\n\n - CVE-2018-19873: Fixed Denial of Service on malformed BMP\n file in QBmpHandler (bsc#1118596)\n\nNon-security issues fixed :\n\n - Fix dynamic loading of libGL. (bsc#1099874)\n\n - Make sure printer settings are properly remembered.\n (bsc#1096328)\n\n - Add patch to fix fails to load pixmap cursors on XRender\n less system (bsc#1108889)\n\n - Fix krita pop-up palette not working properly\n (bsc#1120639)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120639\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt5-qtbase packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5KmsSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5KmsSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-platformtheme-gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Bootstrap-devel-static-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Concurrent-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Concurrent5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Concurrent5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Core-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Core-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Core5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Core5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5DBus-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5DBus-devel-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5DBus-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5DBus5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5DBus5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Gui-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Gui-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Gui5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Gui5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5KmsSupport-devel-static-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5KmsSupport-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Network-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Network-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Network5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Network5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5OpenGL-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5OpenGL-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5OpenGL5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5OpenGL5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5OpenGLExtensions-devel-static-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PlatformHeaders-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PlatformSupport-devel-static-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PlatformSupport-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PrintSupport-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PrintSupport-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PrintSupport5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5PrintSupport5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-mysql-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-mysql-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-postgresql-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-postgresql-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-sqlite-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-sqlite-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-unixODBC-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Test-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Test-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Test5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Test5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Widgets-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Widgets-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Widgets5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Widgets5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Xml-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Xml5-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libQt5Xml5-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-common-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-debugsource-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-examples-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-examples-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-platformtheme-gtk3-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libqt5-qtbase-private-headers-devel-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Bootstrap-devel-static-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Concurrent-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Core-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Core5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Core5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5DBus5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5DBus5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Gui-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Network-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Network5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Network5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5OpenGL-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5OpenGLExtensions-devel-static-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5PlatformSupport-devel-static-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5PrintSupport-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Test-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Widgets-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Xml-devel-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Xml5-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libQt5Xml5-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-32bit-5.9.4-lp150.5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-32bit-debuginfo-5.9.4-lp150.5.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libQt5Bootstrap-devel-static-32bit / libQt5Bootstrap-devel-static / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:34", "description": "This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4183-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Concurrent5", "p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Network5", "p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5", "p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Test5", "p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Xml5", "p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-4183-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119762", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119762);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in\nQBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc6e7c31\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2981=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2981=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2981=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2981=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2981=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Concurrent5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Concurrent5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Core5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Core5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5DBus5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5DBus5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Gui5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Gui5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Network5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Network5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5OpenGL5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5OpenGL5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5PrintSupport5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5PrintSupport5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-mysql-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-postgresql-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-sqlite-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-unixODBC-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Test5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Test5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Widgets5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Widgets5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Xml5-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libQt5Xml5-debuginfo-5.6.1-17.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libqt5-qtbase-debugsource-5.6.1-17.6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:33", "description": "This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4210-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2020-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Network5", "p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-4210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4210-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119825);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/27\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4210-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in\nQBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184210-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d03463ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-3013=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Core5-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Core5-debuginfo-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5DBus5-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5DBus5-debuginfo-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Gui5-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Gui5-debuginfo-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Network5-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Network5-debuginfo-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Widgets5-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libQt5Widgets5-debuginfo-5.5.1-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libqt5-qtbase-debugsource-5.5.1-8.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:23", "description": "This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\n - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt5-qtbase (openSUSE-2018-1592)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static", "p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel", "p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Core-devel", "p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Core5", "p-cpe:/a:novell:opensuse:libQt5Core5-32bit", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-devel", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5DBus5", "p-cpe:/a:novell:opensuse:libQt5DBus5-32bit", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui-devel", "p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-devel", "p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Network5", "p-cpe:/a:novell:opensuse:libQt5Network5-32bit", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5OpenGL5", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static", "p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit", "p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-devel", "p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-devel", "p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Test5", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml-devel", "p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5", "p-cpe:/a:novell:opensuse:libQt5Xml5-32bit", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1592.NASL", "href": "https://www.tenable.com/plugins/nessus/119860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1592.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119860);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"openSUSE Security Update : libqt5-qtbase (openSUSE-2018-1592)\");\n script_summary(english:\"Check for the openSUSE-2018-1592 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-15518: Fixed double free in QXmlStreamReader\n (bsc#1118595)\n\n - CVE-2018-19873: Fixed Denial of Service on malformed BMP\n file in QBmpHandler (bsc#1118596)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt5-qtbase packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Bootstrap-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Concurrent5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Core5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5DBus5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Network5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGL5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5OpenGLExtensions-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformHeaders-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PlatformSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5PrintSupport5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Xml5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-common-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-examples-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Bootstrap-devel-static-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Concurrent-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Concurrent5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Concurrent5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Core-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Core-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Core5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Core5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5DBus-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5DBus-devel-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5DBus-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5DBus5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5DBus5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Gui-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Gui-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Gui5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Gui5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Network-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Network-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Network5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Network5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5OpenGL-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5OpenGL-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5OpenGL5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5OpenGL5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5OpenGLExtensions-devel-static-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PlatformHeaders-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PlatformSupport-devel-static-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PlatformSupport-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PrintSupport-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PrintSupport-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PrintSupport5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5PrintSupport5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-mysql-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-postgresql-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-sqlite-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-unixODBC-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Test-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Test-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Test5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Test5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Widgets-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Widgets-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Widgets5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Widgets5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Xml-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Xml5-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libQt5Xml5-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-common-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-debugsource-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-examples-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-examples-debuginfo-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libqt5-qtbase-private-headers-devel-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Bootstrap-devel-static-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Concurrent-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Core-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Core5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5DBus-devel-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5DBus5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Gui-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Network-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Network5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Network5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5OpenGL-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5OpenGLExtensions-devel-static-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5PlatformSupport-devel-static-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5PrintSupport-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Test-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Widgets-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Xml-devel-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Xml5-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libQt5Xml5-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-32bit-5.6.2-7.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libqt5-qtbase-examples-debuginfo-32bit-5.6.2-7.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libQt5Bootstrap-devel-static-32bit / libQt5Bootstrap-devel-static / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:31", "description": "This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-19T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4179-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2020-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Concurrent5", "p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Network5", "p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5", "p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Test5", "p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Xml5", "p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-4179-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:4179-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119760);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/27\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2018:4179-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libqt5-qtbase fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in\nQBmpHandler (bsc#1118596)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20184179-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cd8b2d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2018-2977=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2977=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2977=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2977=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2977=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2977=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Concurrent5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Concurrent5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Core5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Core5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5DBus5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5DBus5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Gui5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Gui5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Network5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Network5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5OpenGL5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5OpenGL5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5PrintSupport5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5PrintSupport5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-mysql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-postgresql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-sqlite-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-unixODBC-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Test5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Test5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Widgets5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Widgets5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Xml5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libQt5Xml5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libqt5-qtbase-debugsource-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Concurrent5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Concurrent5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Core5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Core5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5DBus5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5DBus5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Gui5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Gui5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Network5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Network5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5OpenGL5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5OpenGL5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5PrintSupport5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5PrintSupport5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-mysql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-postgresql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-sqlite-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-unixODBC-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Test5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Test5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Widgets5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Widgets5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Xml5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libQt5Xml5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libqt5-qtbase-debugsource-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Core5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5DBus5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Gui5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Network5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Network5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Test5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Widgets5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Xml5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libQt5Xml5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libqt5-qtbase-debugsource-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Concurrent5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Core5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5DBus5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Gui5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Network5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Network5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5OpenGL5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5PrintSupport5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-mysql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-postgresql-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-sqlite-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Test5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Widgets5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Xml5-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libQt5Xml5-debuginfo-5.6.2-6.15.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt5-qtbase-debugsource-5.6.2-6.15.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:17", "description": "This update for libqt5-qtbase provides the following fixes :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596)\n\nNon-security issues fixed: Fix dynamic loading of libGL. (bsc#1099874)\n\nMake sure printer settings are properly remembered. (bsc#1096328)\n\nAdd patch to fix fails to load pixmap cursors on XRender less system (bsc#1108889)\n\nFix krita pop-up palette not working properly (bsc#1120639)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-20T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libqt5-qtbase (SUSE-SU-2019:0447-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15518", "CVE-2018-19873"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Bootstrap-devel-static", "p-cpe:/a:novell:suse_linux:libQt5Concurrent-devel", "p-cpe:/a:novell:suse_linux:libQt5Concurrent5", "p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Core-devel", "p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus-devel", "p-cpe:/a:novell:suse_linux:libQt5DBus-devel-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui-devel", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5KmsSupport-devel-static", "p-cpe:/a:novell:suse_linux:libQt5Network-devel", "p-cpe:/a:novell:suse_linux:libQt5Network5", "p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5OpenGL-devel", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5", "p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5OpenGLExtensions-devel-static", "p-cpe:/a:novell:suse_linux:libQt5PlatformHeaders-devel", "p-cpe:/a:novell:suse_linux:libQt5PlatformSupport-devel-static", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport-devel", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5", "p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql-devel", "p-cpe:/a:novell:suse_linux:libQt5Sql5", "p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql", "p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite", "p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC", "p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Test-devel", "p-cpe:/a:novell:suse_linux:libQt5Test5", "p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets-devel", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Xml-devel", "p-cpe:/a:novell:suse_linux:libQt5Xml5", "p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-devel", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-examples", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-examples-debuginfo", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-platformtheme-gtk3", "p-cpe:/a:novell:suse_linux:libqt5-qtbase-platformtheme-gtk3-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0447-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0447-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122344);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-15518\", \"CVE-2018-19873\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libqt5-qtbase (SUSE-SU-2019:0447-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libqt5-qtbase provides the following fixes :\n\nSecurity issues fixed :\n\nCVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595)\n\nCVE-2018-19873: Fixed Denial of Service on malformed BMP file in\nQBmpHandler (bsc#1118596)\n\nNon-security issues fixed: Fix dynamic loading of libGL. (bsc#1099874)\n\nMake sure printer settings are properly remembered. (bsc#1096328)\n\nAdd patch to fix fails to load pixmap cursors on XRender less system\n(bsc#1108889)\n\nFix krita pop-up palette not working properly (bsc#1120639)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15518/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19873/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190447-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56633ed1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-447=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-447=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-447=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Bootstrap-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Concurrent5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5KmsSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Network5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGL5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5OpenGLExtensions-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PlatformHeaders-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PlatformSupport-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Xml5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-examples-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-platformtheme-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-platformtheme-gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Bootstrap-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Concurrent-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Concurrent5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Concurrent5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Core-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Core5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Core5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5DBus-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5DBus-devel-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5DBus5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5DBus5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Gui-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Gui5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Gui5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5KmsSupport-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Network-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Network5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Network5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5OpenGL-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5OpenGL5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5OpenGL5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5OpenGLExtensions-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5PlatformHeaders-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5PlatformSupport-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5PrintSupport-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5PrintSupport5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5PrintSupport5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-mysql-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-mysql-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-postgresql-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-postgresql-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-sqlite-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-sqlite-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-unixODBC-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Test-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Test5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Test5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Widgets-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Widgets5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Widgets5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Xml-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Xml5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libQt5Xml5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-common-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-debugsource-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-examples-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-examples-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-platformtheme-gtk3-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Bootstrap-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Concurrent-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Concurrent5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Concurrent5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Core-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Core5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Core5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5DBus-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5DBus-devel-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5DBus5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5DBus5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Gui-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Gui5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Gui5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5KmsSupport-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Network-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Network5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Network5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5OpenGL-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5OpenGL5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5OpenGL5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5OpenGLExtensions-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5PlatformHeaders-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5PlatformSupport-devel-static-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5PrintSupport-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5PrintSupport5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5PrintSupport5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-mysql-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-mysql-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-postgresql-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-postgresql-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-sqlite-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-sqlite-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-unixODBC-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Sql5-unixODBC-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Test-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Test5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Test5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Widgets-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Widgets5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Widgets5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Xml-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Xml5-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libQt5Xml5-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-common-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-common-devel-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-debugsource-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-devel-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-examples-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-examples-debuginfo-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-platformtheme-gtk3-5.9.4-8.11.13\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.11.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T23:52:21", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1665 advisory.\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. (CVE-2018-19872)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : qt5 (ALSA-2020:1665)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19869", "CVE-2018-19871", "CVE-2018-19872"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:alma:linux:python3-qt5-devel", "p-cpe:/a:alma:linux:qt5-devel", "p-cpe:/a:alma:linux:qt5-qtdeclarative-static", "p-cpe:/a:alma:linux:qt5-qtquickcontrols2-devel", "p-cpe:/a:alma:linux:qt5-qtwayland-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/157627", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:1665.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157627);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2018-19869\", \"CVE-2018-19871\", \"CVE-2018-19872\");\n script_xref(name:\"ALSA\", value:\"2020:1665\");\n\n script_name(english:\"AlmaLinux 8 : qt5 (ALSA-2020:1665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2020:1665 advisory.\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in\n qsvghandler.cpp. (CVE-2018-19869)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.\n (CVE-2018-19871)\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in\n qppmhandler.cpp. (CVE-2018-19872)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-1665.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19872\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-19871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.12.5-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-qt5-devel / qt5-devel / qt5-qtdeclarative-static / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:30:36", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1665 advisory.\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : qt5 (CESA-2020:1665)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19869", "CVE-2018-19871", "CVE-2018-19872"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:python-qt5-rpm-macros", "p-cpe:/a:centos:centos:python3-pyqt5-sip", "p-cpe:/a:centos:centos:python3-qt5", "p-cpe:/a:centos:centos:python3-qt5-base", "p-cpe:/a:centos:centos:python3-qt5-devel", "p-cpe:/a:centos:centos:python3-sip-devel", "p-cpe:/a:centos:centos:qgnomeplatform", "p-cpe:/a:centos:centos:qt5-devel", "p-cpe:/a:centos:centos:qt5-qt3d", "p-cpe:/a:centos:centos:qt5-qt3d-devel", "p-cpe:/a:centos:centos:qt5-qt3d-examples", "p-cpe:/a:centos:centos:qt5-qtbase", "p-cpe:/a:centos:centos:qt5-qtbase-common", "p-cpe:/a:centos:centos:qt5-qtbase-devel", "p-cpe:/a:centos:centos:qt5-qtbase-examples", "p-cpe:/a:centos:centos:qt5-qtbase-gui", "p-cpe:/a:centos:centos:qt5-qtbase-mysql", "p-cpe:/a:centos:centos:qt5-qtbase-odbc", "p-cpe:/a:centos:centos:qt5-qtbase-postgresql", "p-cpe:/a:centos:centos:qt5-qtbase-private-devel", "p-cpe:/a:centos:centos:qt5-qtbase-static", "p-cpe:/a:centos:centos:qt5-qtcanvas3d", "p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples", "p-cpe:/a:centos:centos:qt5-qtconnectivity", "p-cpe:/a:centos:centos:qt5-qtconnectivity-devel", "p-cpe:/a:centos:centos:qt5-qtconnectivity-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative", "p-cpe:/a:centos:centos:qt5-qtdeclarative-devel", "p-cpe:/a:centos:centos:qt5-qtdeclarative-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative-static", "p-cpe:/a:centos:centos:qt5-qtdoc", "p-cpe:/a:centos:centos:qt5-qtgraphicaleffects", "p-cpe:/a:centos:centos:qt5-qtimageformats", "p-cpe:/a:centos:centos:qt5-qtlocation", "p-cpe:/a:centos:centos:qt5-qtlocation-devel", "p-cpe:/a:centos:centos:qt5-qtlocation-examples", "p-cpe:/a:centos:centos:qt5-qtmultimedia", "p-cpe:/a:centos:centos:qt5-qtmultimedia-devel", "p-cpe:/a:centos:centos:qt5-qtmultimedia-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols", "p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples", "p-cpe:/a:centos:centos:qt5-qtscript", "p-cpe:/a:centos:centos:qt5-qtscript-devel", "p-cpe:/a:centos:centos:qt5-qtscript-examples", "p-cpe:/a:centos:centos:qt5-qtsensors", "p-cpe:/a:centos:centos:qt5-qtsensors-devel", "p-cpe:/a:centos:centos:qt5-qtsensors-examples", "p-cpe:/a:centos:centos:qt5-qtserialbus", "p-cpe:/a:centos:centos:qt5-qtserialbus-examples", "p-cpe:/a:centos:centos:qt5-qtserialport", "p-cpe:/a:centos:centos:qt5-qtserialport-devel", "p-cpe:/a:centos:centos:qt5-qtserialport-examples", "p-cpe:/a:centos:centos:qt5-qtsvg", "p-cpe:/a:centos:centos:qt5-qtsvg-devel", "p-cpe:/a:centos:centos:qt5-qtsvg-examples", "p-cpe:/a:centos:centos:qt5-qttranslations", "p-cpe:/a:centos:centos:qt5-qtwayland", "p-cpe:/a:centos:centos:qt5-qtwayland-devel", "p-cpe:/a:centos:centos:qt5-qtwayland-examples", "p-cpe:/a:centos:centos:qt5-qtwebchannel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-devel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-examples", "p-cpe:/a:centos:centos:qt5-qtwebsockets", "p-cpe:/a:centos:centos:qt5-qtwebsockets-devel", "p-cpe:/a:centos:centos:qt5-qtwebsockets-examples", "p-cpe:/a:centos:centos:qt5-qtx11extras", "p-cpe:/a:centos:centos:qt5-qtx11extras-devel", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples", "p-cpe:/a:centos:centos:qt5-rpm-macros", "p-cpe:/a:centos:centos:qt5-srpm-macros", "p-cpe:/a:centos:centos:sip"], "id": "CENTOS8_RHSA-2020-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/145955", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1665. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145955);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2018-19869\", \"CVE-2018-19871\", \"CVE-2018-19872\");\n script_bugtraq_id(106338);\n script_xref(name:\"RHSA\", value:\"2020:1665\");\n\n script_name(english:\"CentOS 8 : qt5 (CESA-2020:1665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1665 advisory.\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1665\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19872\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-19871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-pyqt5-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-sip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qgnomeplatform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-srpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'python-qt5-rpm-macros-5.13.1-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.13.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.19-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.19-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.13.1-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.13.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.13.1-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.13.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.19-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.19-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.12.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.12.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.12.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.12.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.12.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.12.5-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.12.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.12.5-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.12.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.12.5-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.12.5-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.12.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.12.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.19-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.19-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-qt5-rpm-macros / python3-pyqt5-sip / python3-qt5 / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:36:40", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1665 advisory.\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: Out-of-bounds access in generateDirectionalRuns() function in qtextengine.cpp (CVE-2019-18281)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "RHEL 8 : qt5 (RHSA-2020:1665)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19869", "CVE-2018-19871", "CVE-2018-19872", "CVE-2019-18281"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-assistant:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-designer:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-doctools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-linguist:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qdbusviewer:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-mysql:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-odbc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-postgresql:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-static:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-libs-designer:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-libs-help:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttools-static:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-qt5-rpm-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-pyqt5-sip:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-qt5:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-qt5-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-qt5-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-sip-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qgnomeplatform:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qt3d:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qt3d-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qt3d-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtbase-private-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtcanvas3d:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtcanvas3d-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtconnectivity:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtconnectivity-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtconnectivity-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtdeclarative:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtdeclarative-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtdeclarative-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtdeclarative-static:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtdoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtgraphicaleffects:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtimageformats:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtlocation:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtlocation-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtlocation-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtmultimedia:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtmultimedia-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtmultimedia-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtquickcontrols:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtquickcontrols-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtquickcontrols2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtscript:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtscript-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtscript-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsensors:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsensors-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsensors-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtserialbus:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtserialbus-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtserialport:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtserialport-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtserialport-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsvg:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsvg-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtsvg-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qttranslations:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwayland:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwayland-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwayland-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebchannel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebchannel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebchannel-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebsockets:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebsockets-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtwebsockets-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtx11extras:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtx11extras-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtxmlpatterns:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-rpm-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:qt5-srpm-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:sip:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/136117", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1665. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136117);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-19869\", \"CVE-2018-19871\", \"CVE-2018-19872\");\n script_bugtraq_id(106338);\n script_xref(name:\"RHSA\", value:\"2020:1665\");\n\n script_name(english:\"RHEL 8 : qt5 (RHSA-2020:1665)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1665 advisory.\n\n - qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)\n\n - qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)\n\n - qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)\n\n - qt5-qtbase: Out-of-bounds access in generateDirectionalRuns() function in qtextengine.cpp (CVE-2019-18281)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-19872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1661460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1661465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1691636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764742\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19872\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-19871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 369, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyqt5-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-sip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qgnomeplatform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-srpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python-qt5-rpm-macros-5.13.1-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.19-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.13.1-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.13.1-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.19-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.12.5-3.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.12.5-2.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.12.5-2.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.12.5-2.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.12.5-4.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.12.5-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.12.5-3.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.12.5-3.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.19-1.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python-qt5-rpm-macros-5.13.1-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.19-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.13.1-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.13.1-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.13.1-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.19-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.4-3.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.12.5-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.12.5-2.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.12.5-2.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.12.5-2.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.12.5-4.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.12.5-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.12.5-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.12.5-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.19-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'conten

Debian DLA-1786-1 : qt4-x11 security update

Description

Related