Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 Tenable Network Security, Inc.SUSE_11_LIBQTWEBKIT-DEVEL-110908.NASL
HistoryDec 13, 2011 - 12:00 a.m.

SuSE 11.1 Security Update : Qt (SAT Patch Number 5131)

2011-12-1300:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
13

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.169 Low

EPSS

Percentile

96.1%

JSON

The following security issues have been fixed :

  • Specially crafted font files could cause a single byte heap based buffer overflow. (CVE-2011-3193)

  • Specially crafted grey scale images could cause a heap-based buffer overflow. (CVE-2011-3194)

  • SSL servers could run into an endless loop (CVE-2010-2621) The update also fixes the following non-security bugs :

  • QFileDialog, to show system files (bnc#669604),

  • matching of SSL certificates mentioning IP addresses (bnc#637293),

  • the font fallback handling (bnc#643848),

  • handling of transparent monochromatic pixmaps (bnc#610578),

  • a crash of QtWebKit with flash player (bnc#613818)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(57112);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2010-2621", "CVE-2011-3193", "CVE-2011-3194");

  script_name(english:"SuSE 11.1 Security Update : Qt (SAT Patch Number 5131)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The following security issues have been fixed :

  - Specially crafted font files could cause a single byte
    heap based buffer overflow. (CVE-2011-3193)

  - Specially crafted grey scale images could cause a
    heap-based buffer overflow. (CVE-2011-3194)

  - SSL servers could run into an endless loop
    (CVE-2010-2621) The update also fixes the following
    non-security bugs :

  - QFileDialog, to show system files (bnc#669604),

  - matching of SSL certificates mentioning IP addresses
    (bnc#637293),

  - the font fallback handling (bnc#643848),

  - handling of transparent monochromatic pixmaps
    (bnc#610578),

  - a crash of QtWebKit with flash player (bnc#613818)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=610578"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=613818"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=619089"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=637275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=637293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=643848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=668210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=669604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=714984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2621.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3193.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3194.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5131.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libQtWebKit4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:qt4-qtscript");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");


flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libQtWebKit4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-qt3support-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-sql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-sql-mysql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-sql-postgresql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-sql-sqlite-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-sql-unixODBC-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libqt4-x11-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"qt4-qtscript-0.1.0-3.5.7")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libQtWebKit4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libQtWebKit4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-qt3support-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-qt3support-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-mysql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-mysql-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-postgresql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-postgresql-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-sqlite-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-sqlite-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-unixODBC-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-sql-unixODBC-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-x11-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libqt4-x11-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"qt4-qtscript-0.1.0-3.5.7")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libQtWebKit4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-qt3support-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-sql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-sql-mysql-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-sql-sqlite-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libqt4-x11-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"qt4-x11-tools-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libQtWebKit4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libqt4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libqt4-qt3support-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libqt4-sql-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libqt4-x11-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libQtWebKit4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libqt4-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libqt4-qt3support-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libqt4-sql-32bit-4.6.3-5.10.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libqt4-x11-32bit-4.6.3-5.10.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqtwebkit4
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqtwebkit4-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-qt3support
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-sql
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit
Rows per page:
1-10 of 211

Related

nessus 30
oraclelinux 6
openvas 42
debian 1
redhat 6
osv 1
ubuntu 1
prion 4
debiancve 3
veracode 2
cve 4
ubuntucve 3
cvelist 3
nvd 4
fedora 2
centos 4
gentoo 2
nessus
nessus
Oracle Linux 6 : qt (ELSA-2011-1323)
2013-07-12 00:00:00
RHEL 6 : qt (RHSA-2011:1323)
2011-09-22 00:00:00
Debian DLA-117-1 : qt4-x11 security update
2015-03-26 00:00:00
oraclelinux
oraclelinux
qt security update
2011-12-14 00:00:00
qt security update
2011-09-21 00:00:00
evolution28-pango security update
2011-09-21 00:00:00
openvas
openvas
RedHat Update for qt RHSA-2011:1323-01
2012-07-09 00:00:00
RedHat Update for qt RHSA-2011:1323-01
2012-07-09 00:00:00
Debian: Security Advisory (DLA-117-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 117-1] qt4-x11 security update
2014-12-21 16:26:39
redhat
redhat
(RHSA-2011:1323) Moderate: qt security update
2011-09-21 00:00:00
(RHSA-2011:1328) Moderate: qt security update
2011-09-21 00:00:00
(RHSA-2011:1327) Moderate: frysk security update
2011-09-21 00:00:00
osv
osv
qt4-x11 - security update
2014-12-21 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2012-07-11 00:00:00
prion
prion
Design/Logic Flaw
2010-07-02 20:30:00
Buffer overflow
2012-06-16 00:55:00
Heap overflow
2012-06-16 00:55:00
debiancve
debiancve
CVE-2010-2621
2010-07-02 20:30:01
CVE-2011-3194
2012-06-16 00:55:04
CVE-2011-3193
2012-06-16 00:55:03
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:02:50
Denial Of Service (DoS)
2020-04-10 01:02:50
cve
cve
CVE-2010-2621
2010-07-02 20:30:01
CVE-2011-3194
2012-06-16 00:55:04
CVE-2011-3193
2012-06-16 00:55:03
ubuntucve
ubuntucve
CVE-2010-2621
2010-07-02 00:00:00
CVE-2011-3194
2012-06-15 00:00:00
CVE-2011-3193
2012-06-15 00:00:00
cvelist
cvelist
CVE-2011-3194
2012-06-16 00:00:00
CVE-2010-2621
2010-07-02 20:00:00
CVE-2011-3193
2012-06-16 00:00:00
nvd
nvd
CVE-2011-3194
2012-06-16 00:55:04
CVE-2010-2621
2010-07-02 20:30:01
CVE-2011-3193
2012-06-16 00:55:03
fedora
fedora
[SECURITY] Fedora 15 Update: qt-4.7.4-2.fc15
2011-09-26 23:26:36
[SECURITY] Fedora 14 Update: qt-4.7.4-2.fc14
2011-09-25 03:32:05
centos
centos
evolution28 security update
2011-09-22 20:48:41
frysk security update
2011-09-22 20:50:51
pango security update
2011-09-22 03:15:49
gentoo
gentoo
QtGui: User-assisted execution of arbitrary code
2012-06-03 00:00:00
QtCore, QtGui: Multiple vulnerabilities
2013-11-22 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.169 Low

EPSS

Percentile

96.1%

JSON
Related for SUSE_11_LIBQTWEBKIT-DEVEL-110908.NASL
nessus30oraclelinux6openvas42debian1redhat6osv1ubuntu1prion4debiancve3veracode2cve4ubuntucve3cvelist3nvd4fedora2centos4gentoo2