Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_LIBQTWEBKIT-DEVEL-110908.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2011:1120-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON

Specially crafted font files could cause a single byte heap based buffer overflow (CVE-2011-3193).

Specially crafted grey scale images could cause a heap based buffer overflow (CVE-2011-3194).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libQtWebKit-devel-5129.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75917);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-3193", "CVE-2011-3194");

  script_name(english:"openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2011:1120-1)");
  script_summary(english:"Check for the libQtWebKit-devel-5129 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted font files could cause a single byte heap based
buffer overflow (CVE-2011-3193).

Specially crafted grey scale images could cause a heap based buffer
overflow (CVE-2011-3194)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=637275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=714984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libQtWebKit-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libQtWebKit4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt4-x11-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"libQtWebKit-devel-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libQtWebKit4-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libQtWebKit4-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-debugsource-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-devel-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-devel-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-devel-doc-data-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-devel-doc-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-devel-doc-debugsource-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-qt3support-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-qt3support-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-mysql-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-mysql-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-plugins-debugsource-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-postgresql-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-postgresql-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-sqlite-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-sqlite-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-unixODBC-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-sql-unixODBC-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-x11-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libqt4-x11-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"qt4-x11-tools-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"qt4-x11-tools-debuginfo-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libQtWebKit4-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libQtWebKit4-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-qt3support-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-qt3support-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-mysql-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-mysql-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-postgresql-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-postgresql-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-sqlite-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-sqlite-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-unixODBC-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-sql-unixODBC-debuginfo-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-x11-32bit-4.7.1-8.15.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libqt4-x11-debuginfo-32bit-4.7.1-8.15.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libQtWebKit-devel / libQtWebKit4 / libQtWebKit4-32bit / libqt4 / etc");
}
VendorProductVersionCPE
novellopensuselibqt4-sql-debuginfo-32bitp-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit
novellopensuselibqt4-sql-mysqlp-cpe:/a:novell:opensuse:libqt4-sql-mysql
novellopensuselibqt4-sql-mysql-32bitp-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit
novellopensuselibqt4-sql-mysql-debuginfop-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo
novellopensuselibqt4-sql-mysql-debuginfo-32bitp-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit
novellopensuselibqt4-sql-plugins-debugsourcep-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource
novellopensuselibqt4-sql-postgresqlp-cpe:/a:novell:opensuse:libqt4-sql-postgresql
novellopensuselibqt4-sql-postgresql-32bitp-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit
novellopensuselibqt4-sql-postgresql-debuginfop-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo
novellopensuselibqt4-sql-postgresql-debuginfo-32bitp-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit
Rows per page:
1-10 of 471

Related

oraclelinux 6
nessus 29
openvas 40
debian 1
redhat 6
osv 1
ubuntu 1
veracode 2
cve 2
ubuntucve 2
debiancve 2
fedora 2
nvd 2
prion 2
cvelist 2
centos 4
gentoo 2
oraclelinux
oraclelinux
qt security update
2011-09-21 00:00:00
qt security update
2011-12-14 00:00:00
frysk security update
2011-09-21 00:00:00
nessus
nessus
Scientific Linux Security Update : qt on SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : qt (RHSA-2011:1328)
2011-09-22 00:00:00
Oracle Linux 6 : qt (ELSA-2011-1323)
2013-07-12 00:00:00
openvas
openvas
RedHat Update for qt RHSA-2011:1323-01
2012-07-09 00:00:00
Debian: Security Advisory (DLA-117-1)
2023-03-08 00:00:00
Oracle: Security Advisory (ELSA-2011-1328)
2015-10-06 00:00:00
debian
debian
[SECURITY] [DLA 117-1] qt4-x11 security update
2014-12-21 16:26:39
redhat
redhat
(RHSA-2011:1328) Moderate: qt security update
2011-09-21 00:00:00
(RHSA-2011:1323) Moderate: qt security update
2011-09-21 00:00:00
(RHSA-2011:1325) Moderate: evolution28-pango security update
2011-09-21 00:00:00
osv
osv
qt4-x11 - security update
2014-12-21 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2012-07-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:02:50
Denial Of Service (DoS)
2020-04-10 01:02:50
cve
cve
CVE-2011-3194
2012-06-16 00:55:04
CVE-2011-3193
2012-06-16 00:55:03
ubuntucve
ubuntucve
CVE-2011-3194
2012-06-15 00:00:00
CVE-2011-3193
2012-06-15 00:00:00
debiancve
debiancve
CVE-2011-3194
2012-06-16 00:55:04
CVE-2011-3193
2012-06-16 00:55:03
fedora
fedora
[SECURITY] Fedora 15 Update: qt-4.7.4-2.fc15
2011-09-26 23:26:36
[SECURITY] Fedora 14 Update: qt-4.7.4-2.fc14
2011-09-25 03:32:05
nvd
nvd
CVE-2011-3194
2012-06-16 00:55:04
CVE-2011-3193
2012-06-16 00:55:03
prion
prion
Buffer overflow
2012-06-16 00:55:00
Heap overflow
2012-06-16 00:55:00
cvelist
cvelist
CVE-2011-3193
2012-06-16 00:00:00
CVE-2011-3194
2012-06-16 00:00:00
centos
centos
pango security update
2011-09-22 03:15:49
evolution28 security update
2011-09-22 20:48:41
frysk security update
2011-09-22 20:50:51
gentoo
gentoo
QtGui: User-assisted execution of arbitrary code
2012-06-03 00:00:00
QtCore, QtGui: Multiple vulnerabilities
2013-11-22 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON
Related for SUSE_11_4_LIBQTWEBKIT-DEVEL-110908.NASL
oraclelinux6nessus29openvas40debian1redhat6osv1ubuntu1veracode2cve2ubuntucve2debiancve2fedora2nvd2prion2cvelist2centos4gentoo2