Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2015-6114.NASLHistoryApr 22, 2015 - 12:00 a.m.
Fedora 22 : qt5-qtbase-5.4.1-9.fc22 (2015-6114)
2015-04-2200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.042 Low
EPSS
Percentile
92.3%
Multiple vulnerabilities were found in Qt image format handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution.
See also http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
Drop backported Qt 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-6114.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82978);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860");
script_xref(name:"FEDORA", value:"2015-6114");
script_name(english:"Fedora 22 : qt5-qtbase-5.4.1-9.fc22 (2015-6114)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities were found in Qt image format handling of
BMP, ICO and GIF files. The issues exposed included denial of service
and buffer overflows leading to heap corruption. It is possible the
latter could be used to perform remote code execution.
See also
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
Drop backported Qt 5.5 XCB patches, the rebase is incomplete and does
not work properly with Qt 5.4
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
script_set_attribute(
attribute:"see_also",
value:"https://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1210673"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1210674"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1210675"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?fa6edcb6"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected qt5-qtbase package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt5-qtbase");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/22");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"qt5-qtbase-5.4.1-9.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt5-qtbase");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | qt5-qtbase | p-cpe:/a:fedoraproject:fedora:qt5-qtbase |
| fedoraproject | fedora | 22 | cpe:/o:fedoraproject:fedora:22 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
www.nessus.org/u?fa6edcb6
bugzilla.redhat.com/show_bug.cgi?id=1210673
bugzilla.redhat.com/show_bug.cgi?id=1210674
bugzilla.redhat.com/show_bug.cgi?id=1210675
lists.qt-project.org/pipermail/announce/2015-April/000067.html
Related
nessus
nessus
Fedora 22 : qt3-3.3.8b-63.fc22 (2015-6613)
2015-04-27 00:00:00
Fedora 21 : qt3-3.3.8b-63.fc21 (2015-6661)
2015-05-04 00:00:00
Fedora 22 : qt-4.8.6-28.fc22 (2015-6123)
2015-04-24 00:00:00
openvas
openvas
Fedora Update for qt FEDORA-2015-6123
2015-07-07 00:00:00
Fedora Update for qt3 FEDORA-2015-6613
2015-07-07 00:00:00
Fedora Update for qt5-qtbase FEDORA-2015-6114
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: qt5-qtbase-5.4.1-9.fc22
2015-04-21 19:11:45
[SECURITY] Fedora 22 Update: qt3-3.3.8b-63.fc22
2015-04-24 22:48:40
[SECURITY] Fedora 22 Update: qt-4.8.6-28.fc22
2015-04-23 16:10:14
gentoo
gentoo
QtGui: Multiple vulnerabilities
2016-03-12 00:00:00
freebsd
freebsd
mageia
mageia
Updated qt3 qt4 & qtbase5 packages fix security vulnerabilities
2015-05-06 19:44:10
securityvulns
securityvulns
[slackware-security] qt (SSA:2015-111-13)
2015-05-05 00:00:00
qt multiple security vulnerabilities
2015-05-05 00:00:00
slackware
slackware
[slackware-security] qt
2015-04-22 01:24:32
osv
osv
qt4-x11 - security update
2015-04-30 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2015-06-03 00:00:00
debian
debian
[SECURITY] [DLA 210-1] qt4-x11 security update
2015-04-30 11:59:25
nvd
nvd
cve
cve
cvelist
cvelist
debiancve
debiancve
ubuntucve
ubuntucve
prion
prion
Buffer overflow
2015-05-12 19:59:00
Buffer overflow
2015-05-12 19:59:00
Buffer overflow
2015-05-12 19:59:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.042 Low
EPSS
Percentile
92.3%
Related for FEDORA_2015-6114.NASL