{"id": "SUSE_QT3-3048.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "published": "2007-10-17T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2007-0242"], "type": "nessus", "lastseen": "2019-02-21T01:10:12", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "4d2ab3b8e3836613803f09bdaca473f5a6a2183a43aefbcc880503d8626bc5cf", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "5e094778281b2c6531159800e2c382ca", "key": "description"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4bdea36411da9cbe9c3a9d05d8261582", "key": "cpe"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "bf2ec34680916cbcd6a51ef42540bf7b", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2018-08-02T08:09:58", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-02T08:09:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "4d2ab3b8e3836613803f09bdaca473f5a6a2183a43aefbcc880503d8626bc5cf", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "5e094778281b2c6531159800e2c382ca", "key": "description"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4bdea36411da9cbe9c3a9d05d8261582", "key": "cpe"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "bf2ec34680916cbcd6a51ef42540bf7b", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2018-09-01T23:57:02", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:57:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:07:37", "references": [{"idList": ["OPENVAS:1361412562310830014", "OPENVAS:136141256231058197", "OPENVAS:830288", "OPENVAS:830014", "OPENVAS:840141", "OPENVAS:830287", "OPENVAS:1361412562310830284", "OPENVAS:65339", "OPENVAS:830284", "OPENVAS:58197"], "type": "openvas"}, {"idList": ["DEBIAN_DSA-1292.NASL", "SLACKWARE_SSA_2007-093-03.NASL", "MANDRAKE_MDKSA-2007-074.NASL", "UBUNTU_USN-452-1.NASL", "MANDRAKE_MDKSA-2007-076.NASL", "SUSE_QT-3050.NASL", "MANDRAKE_MDKSA-2007-075.NASL", "SUSE_QT3-3052.NASL", "SUSE_QT-3047.NASL", "SUSE_LIBQT4-3056.NASL"], "type": "nessus"}, {"idList": ["SSA-2007-093-03"], "type": "slackware"}, {"idList": ["DEBIAN:DSA-1292-1:E639E"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:7532"], "type": "securityvulns"}, {"idList": ["CESA-2007:0909", "CESA-2007:0883", "CESA-2007:0883-01", "CESA-2011:1324"], "type": "centos"}, {"idList": ["RHSA-2007:0883", "RHSA-2007:0909", "RHSA-2011:1324"], "type": "redhat"}, {"idList": ["USN-452-1"], "type": "ubuntu"}, {"idList": ["ELSA-2011-1324", "ELSA-2007-0909", "ELSA-2007-0883"], "type": "oraclelinux"}, {"idList": ["OSVDB:34679"], "type": "osvdb"}, {"idList": ["CVE-2007-0242"], "type": "cve"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "c46cb8c44e8b57579ccb483b282d556f635c8340dba4b53582957dba6fa6771b", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4bdea36411da9cbe9c3a9d05d8261582", "key": "cpe"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "9609f56434533773b3a779de9ac23a68", "key": "description"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "bf2ec34680916cbcd6a51ef42540bf7b", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2019-01-16T20:07:37", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:07:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "edition": 1, "enchantments": {}, "hash": "2b33ee15d371d921fd245724383686538cc110b0393c28c7c533fe5bb90ea515", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "5e094778281b2c6531159800e2c382ca", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "50cc5ba86de1d0a82f63735fdbfd3879", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2016-09-26T17:25:34", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:48 $\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e5bc1351142f6554c44da612f15e4e0ce2aeeef192235c453c09afc47bc43418", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "5e094778281b2c6531159800e2c382ca", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4bdea36411da9cbe9c3a9d05d8261582", "key": "cpe"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "50cc5ba86de1d0a82f63735fdbfd3879", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2017-10-29T13:41:35", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:48 $\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:41:35"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "cvelist": ["CVE-2007-0242"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "8a4cbbb5318e90ca0c5ad32ebab673e0c616660ce3c95f1778370425f8e78602", "hashmap": [{"hash": "5e094778281b2c6531159800e2c382ca", "key": "description"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "74f3849dcf96a76c9c1599b2ccbe7d04", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4bdea36411da9cbe9c3a9d05d8261582", "key": "cpe"}, {"hash": "f233bf906d15979bcfaa5b92367fbdb3", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "61ac02c3b8b123446a8a26a9e95bb0d5", "key": "href"}, {"hash": "596525af8ebd3562a8bfe249228d7a8e", "key": "cvelist"}, {"hash": "bf2ec34680916cbcd6a51ef42540bf7b", "key": "sourceData"}, {"hash": "fa35df035a7792d7efde43b7a68dc9e3", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=27413", "id": "SUSE_QT3-3048.NASL", "lastseen": "2018-08-30T19:49:43", "modified": "2018-07-19T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "27413", "published": "2007-10-17T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "title": "openSUSE 10 Security Update : qt3 (qt3-3048)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:49:43"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "4bdea36411da9cbe9c3a9d05d8261582"}, {"key": "cvelist", "hash": "596525af8ebd3562a8bfe249228d7a8e"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "5e094778281b2c6531159800e2c382ca"}, {"key": "href", "hash": "61ac02c3b8b123446a8a26a9e95bb0d5"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "f233bf906d15979bcfaa5b92367fbdb3"}, {"key": "published", "hash": "fa35df035a7792d7efde43b7a68dc9e3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "bf2ec34680916cbcd6a51ef42540bf7b"}, {"key": "title", "hash": "74f3849dcf96a76c9c1599b2ccbe7d04"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4d2ab3b8e3836613803f09bdaca473f5a6a2183a43aefbcc880503d8626bc5cf", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0242"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2007-074.NASL", "MANDRAKE_MDKSA-2007-075.NASL", "SUSE_QT-3050.NASL", "UBUNTU_USN-452-1.NASL", "SUSE_QT3-3052.NASL", "SUSE_LIBQT4-3056.NASL", "SLACKWARE_SSA_2007-093-03.NASL", "SUSE_QT-3047.NASL", "DEBIAN_DSA-1292.NASL", "MANDRAKE_MDKSA-2007-076.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:58197", "OPENVAS:1361412562310830287", "OPENVAS:136141256231058197", "OPENVAS:830288", "OPENVAS:1361412562310830288", "OPENVAS:1361412562310830014", "OPENVAS:830014", "OPENVAS:830287", "OPENVAS:65339", "OPENVAS:830284"]}, {"type": "ubuntu", "idList": ["USN-452-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1292-1:E639E"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7532"]}, {"type": "osvdb", "idList": ["OSVDB:34679"]}, {"type": "slackware", "idList": ["SSA-2007-093-03"]}, {"type": "centos", "idList": ["CESA-2007:0883", "CESA-2007:0883-01", "CESA-2011:1324", "CESA-2007:0909"]}, {"type": "redhat", "idList": ["RHSA-2011:1324", "RHSA-2007:0883", "RHSA-2007:0909"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1324", "ELSA-2007-0883", "ELSA-2007-0909"]}], "modified": "2019-02-21T01:10:12"}, "score": {"value": 4.4, "vector": "NONE", "modified": "2019-02-21T01:10:12"}, "vulnersScore": 4.4}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt3-3048.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27413);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt3 (qt3-3048)\");\n script_summary(english:\"Check for the qt3-3048 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt3-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-devel-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt3-static-3.3.5-58.14.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-devel-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"qt3-static-3.3.7-15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-32bit-3.3.7-14\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.7-14\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "27413", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:qt3", "p-cpe:/a:novell:opensuse:qt3-devel-32bit", "p-cpe:/a:novell:opensuse:qt3-devel", "p-cpe:/a:novell:opensuse:qt3-static", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:qt3-32bit"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.", "modified": "2017-10-11T01:31:00", "id": "CVE-2007-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0242", "published": "2007-04-03T16:19:00", "title": "CVE-2007-0242", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:11:48", "bulletinFamily": "scanner", "description": "Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause '/../' injection or (in the case of konqueror) a '<script>' tag injection.\n\nUpdated packages have been patched to address this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2007-074.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37804", "published": "2009-04-23T00:00:00", "title": "Mandrake Linux Security Advisory : qt3 (MDKSA-2007:074)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:074. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37804);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_xref(name:\"MDKSA\", value:\"2007:074\");\n\n script_name(english:\"Mandrake Linux Security Advisory : qt3 (MDKSA-2007:074)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not\nreject overlong sequences, which can cause '/../' injection or (in the\ncase of konqueror) a '<script>' tag injection.\n\nUpdated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64designercore1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64editor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qassistantclient1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdesignercore1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libeditor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqassistantclient1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt3-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt3-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt3-example\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt3-tutorial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64designercore1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64editor1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qassistantclient1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-devel-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-mysql-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-odbc-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-psql-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-sqlite-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64qt3-static-devel-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libdesignercore1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libeditor1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqassistantclient1-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-devel-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-mysql-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-odbc-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-psql-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-sqlite-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libqt3-static-devel-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"qt3-common-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"qt3-doc-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"qt3-example-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"qt3-tutorial-3.3.6-18.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:53", "bulletinFamily": "scanner", "description": "Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1292.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25229", "published": "2007-05-16T00:00:00", "title": "Debian DSA-1292-1 : qt4-x11 - missing input validation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1292. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25229);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_bugtraq_id(23269);\n script_xref(name:\"DSA\", value:\"1292\");\n\n script_name(english:\"Debian DSA-1292-1 : qt4-x11 - missing input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andreas Nolden discovered a bug in the UTF8 decoding routines in\nqt4-x11, a C++ GUI library framework, that could allow remote\nattackers to conduct cross-site scripting (XSS) and directory\ntraversal attacks via long sequences that decode to dangerous\nmetacharacters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1292\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qt4-x11 package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 4.2.1-2etch1.\n\nFor the testing and unstable distribution (lenny and sid,\nrespectively), this problem has been fixed in version 4.2.2-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-core\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-debug\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-dev\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-gui\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-qt3support\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libqt4-sql\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"qt4-designer\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"qt4-dev-tools\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"qt4-doc\", reference:\"4.2.1-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"qt4-qtconfig\", reference:\"4.2.1-2etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:50", "bulletinFamily": "scanner", "description": "New qt packages are available for Slackware 10.2, 11.0, and -current to fix a security issue.", "modified": "2018-08-09T00:00:00", "id": "SLACKWARE_SSA_2007-093-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24918", "published": "2007-04-05T00:00:00", "title": "Slackware 10.2 / 11.0 / current : qt (SSA:2007-093-03)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-093-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24918);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_xref(name:\"SSA\", value:\"2007-093-03\");\n\n script_name(english:\"Slackware 10.2 / 11.0 / current : qt (SSA:2007-093-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New qt packages are available for Slackware 10.2, 11.0, and -current\nto fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2edaf585\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"qt\", pkgver:\"3.3.4\", pkgarch:\"i486\", pkgnum:\"4_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"qt\", pkgver:\"3.3.8\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"qt\", pkgver:\"3.3.8\", pkgarch:\"i486\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:09:50", "bulletinFamily": "scanner", "description": "A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue.\n\nUpdated packages have been patched to address this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2007-076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24942", "published": "2007-04-05T00:00:00", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:076. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24942);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_xref(name:\"MDKSA\", value:\"2007:076\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in KJS where UTF8 decoding did not reject\noverlong sequences. This vulnerability is similar to that discovered\nby Andreas Nolden in QT3 and QT4, but at this current time there is no\nknown exploit for this issue.\n\nUpdated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64kdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libkdecore4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kdelibs-common-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"kdelibs-devel-doc-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64kdecore4-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64kdecore4-devel-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkdecore4-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libkdecore4-devel-3.5.4-19.5mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:11", "bulletinFamily": "scanner", "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "modified": "2018-07-19T00:00:00", "id": "SUSE_LIBQT4-3056.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27332", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : libqt4 (libqt4-3056)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libqt4-3056.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27332);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : libqt4 (libqt4-3056)\");\n script_summary(english:\"Check for the libqt4-3056 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libqt4-4.2.1-20\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libqt4-devel-4.2.1-20\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"libqt4-x11-4.2.1-20\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4 / libqt4-devel / libqt4-x11\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:33", "bulletinFamily": "scanner", "description": "qt wongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror. (CVE-2007-0242)", "modified": "2012-05-17T00:00:00", "id": "SUSE_QT-3047.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29562", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Qt (ZYPP Patch Number 3047)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29562);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"SuSE 10 Security Update : Qt (ZYPP Patch Number 3047)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror. (CVE-2007-0242)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0242.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3047.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"qt-4.1.0-29.11\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"qt-32bit-4.1.0-29.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:33", "bulletinFamily": "scanner", "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror. (CVE-2007-0242)", "modified": "2012-05-17T00:00:00", "id": "SUSE_QT3-3052.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29564", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29564);\n script_version (\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror. (CVE-2007-0242)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0242.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3052.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"qt3-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"qt3-devel-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"qt3-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"qt3-devel-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"qt3-32bit-3.3.5-58.15.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"qt3-devel-32bit-3.3.5-58.15.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:12", "bulletinFamily": "scanner", "description": "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).", "modified": "2018-07-19T00:00:00", "id": "SUSE_QT-3050.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27411", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : qt (qt-3050)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update qt-3050.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27411);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-0242\");\n\n script_name(english:\"openSUSE 10 Security Update : qt (qt-3050)\");\n script_summary(english:\"Check for the qt-3050 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qt wrongly accepts overly long UTF-8 sequences due to a bug in the\nUTF-8 decoder. This may lead to security problems unter certain\ncircumstances. The bug for example allows for script tag injection in\nkonqueror (CVE-2007-0242).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt-4.1.0-29.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"qt-devel-4.1.0-29.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"qt-32bit-4.1.0-29.11\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt / qt-32bit / qt-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:10:22", "bulletinFamily": "scanner", "description": "The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings.\nIf a Konqueror user were tricked into visiting a website containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-452-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28049", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : kdelibs, qt-x11-free vulnerability (USN-452-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-452-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28049);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_xref(name:\"USN\", value:\"452-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : kdelibs, qt-x11-free vulnerability (USN-452-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Qt library did not correctly handle truncated UTF8 strings, which\ncould cause some applications to incorrectly filter malicious strings.\nIf a Konqueror user were tricked into visiting a website containing\nspecially crafted strings, normal XSS prevention could be bypassed\nallowing a remote attacker to steal confidential data.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/452-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4c2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4c2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kdelibs4c2a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-compat-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-ibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt3-mt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt-x11-free-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-apps-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-dev-tools-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-dev-tools-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qt3-qtconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs-bin\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs-data\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs4-dev\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs4-doc\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs4c2\", pkgver:\"4:3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"kdelibs4c2-dbg\", pkgver:\"3.4.3-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-compat-headers\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-headers\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-i18n\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt\", pkgver:\"3:3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-dbg\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-dev\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-ibase\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-mysql\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-odbc\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-psql\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libqt3-mt-sqlite\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-apps-dev\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-assistant\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-designer\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-dev-tools\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-dev-tools-compat\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-dev-tools-embedded\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-doc\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-examples\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-linguist\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"qt3-qtconfig\", pkgver:\"3.3.4-8ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs-bin\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs-data\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs-dbg\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs4-dev\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs4-doc\", pkgver:\"3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"kdelibs4c2a\", pkgver:\"4:3.5.2-0ubuntu18.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-compat-headers\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-headers\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-i18n\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt\", pkgver:\"3:3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt-dev\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt-mysql\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt-odbc\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt-psql\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libqt3-mt-sqlite\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt-x11-free-dbg\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-apps-dev\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-assistant\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-designer\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-dev-tools\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-dev-tools-compat\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-dev-tools-embedded\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-doc\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-examples\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-linguist\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"qt3-qtconfig\", pkgver:\"3.3.6-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs\", pkgver:\"3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs-data\", pkgver:\"3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs-dbg\", pkgver:\"3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs4-dev\", pkgver:\"3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs4-doc\", pkgver:\"3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"kdelibs4c2a\", pkgver:\"4:3.5.5-0ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-compat-headers\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-headers\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-i18n\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt\", pkgver:\"3:3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt-dev\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt-mysql\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt-odbc\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt-psql\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libqt3-mt-sqlite\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt-x11-free-dbg\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-apps-dev\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-assistant\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-designer\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-dev-tools\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-dev-tools-compat\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-dev-tools-embedded\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-doc\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-examples\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-linguist\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"qt3-qtconfig\", pkgver:\"3.3.6-3ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kdelibs / kdelibs-bin / kdelibs-data / kdelibs-dbg / kdelibs4-dev / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:45", "bulletinFamily": "scanner", "description": "Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause '/../' injection or (in the case of konqueror) a '<script>' tag injection.\n\nUpdated packages have been patched to address this issue.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2007-075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37324", "published": "2009-04-23T00:00:00", "title": "Mandrake Linux Security Advisory : qt4 (MDKSA-2007:075-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37324);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2007-0242\");\n script_xref(name:\"MDKSA\", value:\"2007:075-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : qt4 (MDKSA-2007:075-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not\nreject overlong sequences, which can cause '/../' injection or (in the\ncase of konqueror) a '<script>' tag injection.\n\nUpdated packages have been patched to address this issue.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qassistant1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtdbus4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtdesigner1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtnetwork4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtopengl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtsql4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtsvg4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qttest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtuitools4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64qtxml4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqassistant1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt3support4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtdbus4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtdesigner1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtnetwork4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtopengl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtsql4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtsvg4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqttest4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtuitools4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libqtxml4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-accessibility-plugin-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-accessibility-plugin-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-codecs-plugin-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-codecs-plugin-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-mysql-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-mysql-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-odbc-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-odbc-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-pgsql-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-pgsql-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-sqlite-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-database-plugin-sqlite-lib64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-qvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:qt4-tutorial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qassistant1-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qt3support4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qt4-devel-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtcore4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtdbus4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtdesigner1-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtgui4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtnetwork4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtopengl4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtsql4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtsvg4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qttest4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtuitools4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64qtxml4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqassistant1-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqt3support4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqt4-devel-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtcore4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtdbus4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtdesigner1-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtgui4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtnetwork4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtopengl4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtsql4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtsvg4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqttest4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtuitools4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libqtxml4-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-accessibility-plugin-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-accessibility-plugin-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-assistant-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-codecs-plugin-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-codecs-plugin-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-common-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-database-plugin-mysql-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-database-plugin-mysql-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-database-plugin-odbc-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-database-plugin-odbc-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-database-plugin-pgsql-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-database-plugin-pgsql-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"qt4-database-plugin-sqlite-lib-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"qt4-database-plugin-sqlite-lib64-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-designer-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-doc-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-examples-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-linguist-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-qvfb-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"qt4-tutorial-4.2.3-3.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of kdelibs", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830287", "id": "OPENVAS:830287", "title": "Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in KJS where UTF8 decoding did not reject\n overlong sequences. This vulnerability is similar to that discovered\n by Andreas Nolden in QT3 and QT4, but at this current time there is\n no known exploit for this issue.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"kdelibs on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00002.php\");\n script_id(830287);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:076\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)\");\n\n script_summary(\"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-093-03.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231058197", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231058197", "title": "Slackware Advisory SSA:2007-093-03 qt", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_093_03.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.58197\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-0242\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-093-03 qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-093-03\");\n\n script_tag(name:\"insight\", value:\"New qt packages are available for Slackware 10.2, 11.0, and -current to\nfix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-093-03.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"qt\", ver:\"3.3.4-i486-4_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"qt\", ver:\"3.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-04-09T11:40:14", "bulletinFamily": "scanner", "description": "Check for the Version of kdelibs", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830287", "id": "OPENVAS:1361412562310830287", "title": "Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug was discovered in KJS where UTF8 decoding did not reject\n overlong sequences. This vulnerability is similar to that discovered\n by Andreas Nolden in QT3 and QT4, but at this current time there is\n no known exploit for this issue.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"kdelibs on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830287\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:076\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for kdelibs MDKSA-2007:076 (kdelibs)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kdelibs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdelibs-common\", rpm:\"kdelibs-common~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs-devel-doc\", rpm:\"kdelibs-devel-doc~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4\", rpm:\"libkdecore4~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libkdecore4-devel\", rpm:\"libkdecore4-devel~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdelibs\", rpm:\"kdelibs~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4\", rpm:\"lib64kdecore4~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64kdecore4-devel\", rpm:\"lib64kdecore4-devel~3.5.4~19.5mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-093-03.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58197", "id": "OPENVAS:58197", "title": "Slackware Advisory SSA:2007-093-03 qt", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_093_03.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New qt packages are available for Slackware 10.2, 11.0, and -current to\nfix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-093-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-093-03\";\n \nif(description)\n{\n script_id(58197);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-0242\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-093-03 qt \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"qt\", ver:\"3.3.4-i486-4_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"qt\", ver:\"3.3.8-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:27", "bulletinFamily": "scanner", "description": "Check for the Version of qt3", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830288", "id": "OPENVAS:1361412562310830288", "type": "openvas", "title": "Mandriva Update for qt3 MDKSA-2007:074 (qt3)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for qt3 MDKSA-2007:074 (qt3)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andreas Nolden discover a bug in qt3, where the UTF8 decoder does\n not reject overlong sequences, which can cause &quot;/../&quot; injection or\n (in the case of konqueror) a &quot;&lt;script&gt;&quot; tag injection.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"qt3 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830288\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:074\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for qt3 MDKSA-2007:074 (qt3)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libdesignercore1\", rpm:\"libdesignercore1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libeditor1\", rpm:\"libeditor1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqassistantclient1\", rpm:\"libqassistantclient1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3\", rpm:\"libqt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-devel\", rpm:\"libqt3-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-mysql\", rpm:\"libqt3-mysql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-odbc\", rpm:\"libqt3-odbc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-psql\", rpm:\"libqt3-psql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-sqlite\", rpm:\"libqt3-sqlite~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-static-devel\", rpm:\"libqt3-static-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-common\", rpm:\"qt3-common~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-doc\", rpm:\"qt3-doc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-example\", rpm:\"qt3-example~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-tutorial\", rpm:\"qt3-tutorial~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64designercore1\", rpm:\"lib64designercore1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64editor1\", rpm:\"lib64editor1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qassistantclient1\", rpm:\"lib64qassistantclient1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3\", rpm:\"lib64qt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-devel\", rpm:\"lib64qt3-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-mysql\", rpm:\"lib64qt3-mysql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-odbc\", rpm:\"lib64qt3-odbc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-psql\", rpm:\"lib64qt3-psql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-sqlite\", rpm:\"lib64qt3-sqlite~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-static-devel\", rpm:\"lib64qt3-static-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:22", "bulletinFamily": "scanner", "description": "Check for the Version of qt3", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830288", "id": "OPENVAS:830288", "title": "Mandriva Update for qt3 MDKSA-2007:074 (qt3)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for qt3 MDKSA-2007:074 (qt3)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andreas Nolden discover a bug in qt3, where the UTF8 decoder does\n not reject overlong sequences, which can cause &quot;/../&quot; injection or\n (in the case of konqueror) a &quot;&lt;script&gt;&quot; tag injection.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"qt3 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00001.php\");\n script_id(830288);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:074\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for qt3 MDKSA-2007:074 (qt3)\");\n\n script_summary(\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libdesignercore1\", rpm:\"libdesignercore1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libeditor1\", rpm:\"libeditor1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqassistantclient1\", rpm:\"libqassistantclient1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3\", rpm:\"libqt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-devel\", rpm:\"libqt3-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-mysql\", rpm:\"libqt3-mysql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-odbc\", rpm:\"libqt3-odbc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-psql\", rpm:\"libqt3-psql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-sqlite\", rpm:\"libqt3-sqlite~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3-static-devel\", rpm:\"libqt3-static-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-common\", rpm:\"qt3-common~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-doc\", rpm:\"qt3-doc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-example\", rpm:\"qt3-example~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3-tutorial\", rpm:\"qt3-tutorial~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64designercore1\", rpm:\"lib64designercore1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64editor1\", rpm:\"lib64editor1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qassistantclient1\", rpm:\"lib64qassistantclient1~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3\", rpm:\"lib64qt3~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-devel\", rpm:\"lib64qt3-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-mysql\", rpm:\"lib64qt3-mysql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-odbc\", rpm:\"lib64qt3-odbc~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-psql\", rpm:\"lib64qt3-psql~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-sqlite\", rpm:\"lib64qt3-sqlite~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3-static-devel\", rpm:\"lib64qt3-static-devel~3.3.6~18.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:59", "bulletinFamily": "scanner", "description": "Check for the Version of qt4", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830014", "id": "OPENVAS:830014", "title": "Mandriva Update for qt4 MDKSA-2007:075 (qt4)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for qt4 MDKSA-2007:075 (qt4)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andreas Nolden discover a bug in qt4, where the UTF8 decoder does\n not reject overlong sequences, which can cause &quot;/../&quot; injection or\n (in the case of konqueror) a &quot;&lt;script&gt;&quot; tag injection.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"qt4 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00003.php\");\n script_id(830014);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:075\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for qt4 MDKSA-2007:075 (qt4)\");\n\n script_summary(\"Check for the Version of qt4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libqassistant1\", rpm:\"libqassistant1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3support4\", rpm:\"libqt3support4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtcore4\", rpm:\"libqtcore4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtdesigner1\", rpm:\"libqtdesigner1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtgui4\", rpm:\"libqtgui4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtnetwork4\", rpm:\"libqtnetwork4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtopengl4\", rpm:\"libqtopengl4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtsql4\", rpm:\"libqtsql4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtsvg4\", rpm:\"libqtsvg4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqttest4\", rpm:\"libqttest4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtuitools4\", rpm:\"libqtuitools4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtxml4\", rpm:\"libqtxml4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-accessibility-plugin-lib\", rpm:\"qt4-accessibility-plugin-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-assistant\", rpm:\"qt4-assistant~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-common\", rpm:\"qt4-common~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-mysql-lib\", rpm:\"qt4-database-plugin-mysql-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-odbc-lib\", rpm:\"qt4-database-plugin-odbc-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-pgsql-lib\", rpm:\"qt4-database-plugin-pgsql-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-sqlite-lib\", rpm:\"qt4-database-plugin-sqlite-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-designer\", rpm:\"qt4-designer~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-doc\", rpm:\"qt4-doc~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-examples\", rpm:\"qt4-examples~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-linguist\", rpm:\"qt4-linguist~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-tutorial\", rpm:\"qt4-tutorial~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4\", rpm:\"qt4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qassistant1\", rpm:\"lib64qassistant1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3support4\", rpm:\"lib64qt3support4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt4-devel\", rpm:\"lib64qt4-devel~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtcore4\", rpm:\"lib64qtcore4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtdesigner1\", rpm:\"lib64qtdesigner1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtgui4\", rpm:\"lib64qtgui4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtnetwork4\", rpm:\"lib64qtnetwork4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtopengl4\", rpm:\"lib64qtopengl4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtsql4\", rpm:\"lib64qtsql4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtsvg4\", rpm:\"lib64qtsvg4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qttest4\", rpm:\"lib64qttest4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtuitools4\", rpm:\"lib64qtuitools4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtxml4\", rpm:\"lib64qtxml4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-accessibility-plugin-lib64\", rpm:\"qt4-accessibility-plugin-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-mysql-lib64\", rpm:\"qt4-database-plugin-mysql-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-odbc-lib64\", rpm:\"qt4-database-plugin-odbc-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-pgsql-lib64\", rpm:\"qt4-database-plugin-pgsql-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-sqlite-lib64\", rpm:\"qt4-database-plugin-sqlite-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:38:23", "bulletinFamily": "scanner", "description": "Check for the Version of qt4", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830014", "id": "OPENVAS:1361412562310830014", "type": "openvas", "title": "Mandriva Update for qt4 MDKSA-2007:075 (qt4)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for qt4 MDKSA-2007:075 (qt4)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andreas Nolden discover a bug in qt4, where the UTF8 decoder does\n not reject overlong sequences, which can cause &quot;/../&quot; injection or\n (in the case of konqueror) a &quot;&lt;script&gt;&quot; tag injection.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"qt4 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-04/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830014\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:075\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Mandriva Update for qt4 MDKSA-2007:075 (qt4)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libqassistant1\", rpm:\"libqassistant1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt3support4\", rpm:\"libqt3support4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqt4-devel\", rpm:\"libqt4-devel~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtcore4\", rpm:\"libqtcore4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtdesigner1\", rpm:\"libqtdesigner1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtgui4\", rpm:\"libqtgui4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtnetwork4\", rpm:\"libqtnetwork4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtopengl4\", rpm:\"libqtopengl4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtsql4\", rpm:\"libqtsql4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtsvg4\", rpm:\"libqtsvg4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqttest4\", rpm:\"libqttest4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtuitools4\", rpm:\"libqtuitools4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libqtxml4\", rpm:\"libqtxml4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-accessibility-plugin-lib\", rpm:\"qt4-accessibility-plugin-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-assistant\", rpm:\"qt4-assistant~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-common\", rpm:\"qt4-common~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-mysql-lib\", rpm:\"qt4-database-plugin-mysql-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-odbc-lib\", rpm:\"qt4-database-plugin-odbc-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-pgsql-lib\", rpm:\"qt4-database-plugin-pgsql-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-sqlite-lib\", rpm:\"qt4-database-plugin-sqlite-lib~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-designer\", rpm:\"qt4-designer~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-doc\", rpm:\"qt4-doc~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-examples\", rpm:\"qt4-examples~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-linguist\", rpm:\"qt4-linguist~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-tutorial\", rpm:\"qt4-tutorial~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4\", rpm:\"qt4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qassistant1\", rpm:\"lib64qassistant1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt3support4\", rpm:\"lib64qt3support4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qt4-devel\", rpm:\"lib64qt4-devel~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtcore4\", rpm:\"lib64qtcore4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtdesigner1\", rpm:\"lib64qtdesigner1~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtgui4\", rpm:\"lib64qtgui4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtnetwork4\", rpm:\"lib64qtnetwork4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtopengl4\", rpm:\"lib64qtopengl4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtsql4\", rpm:\"lib64qtsql4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtsvg4\", rpm:\"lib64qtsvg4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qttest4\", rpm:\"lib64qttest4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtuitools4\", rpm:\"lib64qtuitools4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64qtxml4\", rpm:\"lib64qtxml4~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-accessibility-plugin-lib64\", rpm:\"qt4-accessibility-plugin-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-mysql-lib64\", rpm:\"qt4-database-plugin-mysql-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-odbc-lib64\", rpm:\"qt4-database-plugin-odbc-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-pgsql-lib64\", rpm:\"qt4-database-plugin-pgsql-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt4-database-plugin-sqlite-lib64\", rpm:\"qt4-database-plugin-sqlite-lib64~4.1.4~12.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:29:05", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-452-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840141", "id": "OPENVAS:840141", "title": "Ubuntu Update for kdelibs, qt-x11-free vulnerability USN-452-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_452_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for kdelibs, qt-x11-free vulnerability USN-452-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Qt library did not correctly handle truncated UTF8 strings, which\n could cause some applications to incorrectly filter malicious strings.\n If a Konqueror user were tricked into visiting a web site containing\n specially crafted strings, normal XSS prevention could be bypassed\n allowing a remote attacker to steal confidential data.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-452-1\";\ntag_affected = \"kdelibs, qt-x11-free vulnerability on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-452-1/\");\n script_id(840141);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"452-1\");\n script_cve_id(\"CVE-2007-0242\");\n script_name( \"Ubuntu Update for kdelibs, qt-x11-free vulnerability USN-452-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-bin\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-dbg\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2a\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-compat-headers\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-headers\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-dev\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-mysql\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-odbc\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-psql\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-sqlite\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt-x11-free-dbg\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-apps-dev\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-assistant\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-designer\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-compat\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-embedded\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-linguist\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-qtconfig\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.5.2-0ubuntu18.4\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-i18n\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-doc\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-examples\", ver:\"3.3.6-1ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-dbg\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2a\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-compat-headers\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-headers\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-dev\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-mysql\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-odbc\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-psql\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-sqlite\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt-x11-free-dbg\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-apps-dev\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-assistant\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-designer\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-compat\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-embedded\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-linguist\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-qtconfig\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.5.5-0ubuntu3.4\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-i18n\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-doc\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-examples\", ver:\"3.3.6-3ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-bin\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-dev\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2-dbg\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4c2\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-compat-headers\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-headers\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-dbg\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-dev\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-ibase\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-mysql\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-odbc\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-psql\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt-sqlite\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-mt\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-apps-dev\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-assistant\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-designer\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-compat\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools-embedded\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-dev-tools\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-linguist\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-qtconfig\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs-data\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs4-doc\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kdelibs\", ver:\"3.4.3-0ubuntu2.4\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt3-i18n\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-doc\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qt3-examples\", ver:\"3.3.4-8ubuntu5.2\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:30", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n qt3-devel\n qt3\n qt3-non-mt\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013213 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065339", "id": "OPENVAS:136141256231065339", "type": "openvas", "title": "SLES9: Security update for Qt3", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013213.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Qt3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n qt3-devel\n qt3\n qt3-non-mt\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013213 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65339\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-0242\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Qt3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"qt3-devel\", rpm:\"qt3-devel~3.3.1~36.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24726](https://secuniaresearch.flexerasoftware.com/advisories/24726/)\n[Secunia Advisory ID:24797](https://secuniaresearch.flexerasoftware.com/advisories/24797/)\n[Secunia Advisory ID:26857](https://secuniaresearch.flexerasoftware.com/advisories/26857/)\n[Secunia Advisory ID:27275](https://secuniaresearch.flexerasoftware.com/advisories/27275/)\n[Secunia Advisory ID:24699](https://secuniaresearch.flexerasoftware.com/advisories/24699/)\n[Secunia Advisory ID:25263](https://secuniaresearch.flexerasoftware.com/advisories/25263/)\n[Secunia Advisory ID:24727](https://secuniaresearch.flexerasoftware.com/advisories/24727/)\n[Secunia Advisory ID:24889](https://secuniaresearch.flexerasoftware.com/advisories/24889/)\n[Secunia Advisory ID:26782](https://secuniaresearch.flexerasoftware.com/advisories/26782/)\n[Secunia Advisory ID:26804](https://secuniaresearch.flexerasoftware.com/advisories/26804/)\n[Secunia Advisory ID:27108](https://secuniaresearch.flexerasoftware.com/advisories/27108/)\n[Secunia Advisory ID:24705](https://secuniaresearch.flexerasoftware.com/advisories/24705/)\n[Secunia Advisory ID:24759](https://secuniaresearch.flexerasoftware.com/advisories/24759/)\n[Secunia Advisory ID:24847](https://secuniaresearch.flexerasoftware.com/advisories/24847/)\nRedHat RHSA: RHSA-2007:0883\nRedHat RHSA: RHSA-2007:0909\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:076\nOther Advisory URL: http://www.ubuntu.com/usn/usn-452-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-Apr/0002.html\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc\nOther Advisory URL: http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591\nOther Advisory URL: http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00048.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:074\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00310.html\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000170.html\nISS X-Force ID: 33397\nFrSIRT Advisory: ADV-2007-1212\n[CVE-2007-0242](https://vulners.com/cve/CVE-2007-0242)\nBugtraq ID: 23269\n", "modified": "2007-03-30T19:03:58", "published": "2007-03-30T19:03:58", "href": "https://vulners.com/osvdb/OSVDB:34679", "id": "OSVDB:34679", "title": "Qt codecs/qutfcodec.cpp UTF-8 Decoder Long Sequence XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:23", "bulletinFamily": "unix", "description": "New qt packages are available for Slackware 10.2, 11.0, and -current to\nfix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/qt-3.3.8-i486-1_slack11.0.tgz:\n Patched an issue where the Qt UTF 8 decoder may in some instances fail to\n reject overlong sequences, possibly allowing &quot;/../&quot; path injection or XSS\n errors.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/qt-3.3.4-i486-4_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/qt-3.3.8-i486-1_slack11.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/qt-3.3.8-i486-3.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n793d29a0b2ace2baf44a3f71ac9a7879 qt-3.3.4-i486-4_slack10.2.tgz\n\nSlackware 11.0 package:\n4c1a3f1c9095156a57f5292e4cb73673 qt-3.3.8-i486-1_slack11.0.tgz\n\nSlackware -current package:\ne8be820d81d7d3486ed9e210500a5e06 qt-3.3.8-i486-3.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg qt-3.3.8-i486-1_slack11.0.tgz", "modified": "2007-04-03T16:23:35", "published": "2007-04-03T16:23:35", "id": "SSA-2007-093-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591", "title": "qt", "type": "slackware", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "Oversized UTF-8 sequences are not blocking, making it possible to conduct cross-site scripting and directory traversal attacks.", "modified": "2007-04-05T00:00:00", "published": "2007-04-05T00:00:00", "id": "SECURITYVULNS:VULN:7532", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7532", "title": "QT / KJS UTF-8 decoding security vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:14", "bulletinFamily": "unix", "description": "The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. \nIf a Konqueror user were tricked into visiting a web site containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data.", "modified": "2007-04-11T00:00:00", "published": "2007-04-11T00:00:00", "id": "USN-452-1", "href": "https://usn.ubuntu.com/452-1/", "title": "KDE library vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:39", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1292-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nMay 15, 2007\n- ------------------------------------------------------------------------\n\nPackage : qt4-x11\nVulnerability : missing input validation\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-0242\nBugTraq ID : 23269\nDebian Bug : 417391\n\nAndreas Nolden discovered a bug in the UTF8 decoding routines in\nqt4-x11, a C++ GUI library framework, that could allow remote\nattackers to conduct cross-site scripting (XSS) and directory\ntraversal attacks via long sequences that decode to dangerous\nmetacharacters.\n\nFor the stable distribution (etch), this problem has been fixed in version\n4.2.1-2etch1\n\nFor the testing and unstable distribution (lenny and sid, respectively),\nthis problem has been fixed in version 4.2.2-2\n\nWe recommend that you upgrade your qt4-x11 package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.dsc\n Size/MD5 checksum: 1390 4c2ac9fc65dc3d31b90473d7ec038f1f\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz\n Size/MD5 checksum: 37069122 2ab1c88084f55b94809f025a8503bf18\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.diff.gz\n Size/MD5 checksum: 22806 26c69455f8d09fffdfb9413a18f69174\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.2.1-2etch1_all.deb\n Size/MD5 checksum: 21219244 450031c80fd48650103cb7dfb72ea4d3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 1275656 9881f80acbf96bd8279b1ea27bd01486\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 1382940 c69e58cc57b87c77332d21f9b8325f94\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 804814 bdda30be03d1c5cda09caf4c3b7e8803\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 354964 14a3d2e028391002861dc94d448880b4\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 99652 99eddea5a7be2cfccff4689955ebe7b4\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 57674544 824c85f2ab97e6f480d60730e7244e13\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 4784924 76f7f0e56ad72818a905ce5f6eaf55f0\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 1105144 274482c1b490076e2f05c758ec4dc495\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_alpha.deb\n Size/MD5 checksum: 4983572 1805e33b31231fea005abf49c40f3f59\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 1060908 d1132452139c18dd3d2ac96608a4c8f0\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 4450316 a4c5af2560005fe85390c54f26118364\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 1218820 98d8ef5491e28a96d4ce1e1392341819\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 4289826 072954140ccc4baa4869479f52a22d54\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 314114 3c4fbf8805f823cce3a19663749ce28f\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 57719944 6623d3a7b981512c9ade3377d56f1293\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 1149424 77f92b9998c9e72cd55be91743a98b74\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 745864 777718c827eb9469d1b0d00e3c022f99\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_amd64.deb\n Size/MD5 checksum: 93040 617ba9729040e8e807de83a42c5faff5\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 1055018 c366aa156f8e69a474c48564bc62c961\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 93776 7a9f2fe985d327054315b9395d9a2302\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 1298716 e310e6d3f68b3d253a127c9568659bce\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 4541218 ffd64eb36975ea6966fa97ccc475e876\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 56246534 31a36213f160a55ace99aae498e7365d\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 1210244 bb4fac86e13a3517f2e44c86a9c27740\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 4794816 6ed6b5646d239e646b5801c18b74acd2\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 307298 a7b9d7864221d557ac0d5095e63dc4f8\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_arm.deb\n Size/MD5 checksum: 770368 8d6748f88f3a9351298e0e347f408a43\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 809216 1fe4fc9cdfe28bfad2414b4bec85af74\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 1128178 b8f54f880176fe7e12895ad9064c7c93\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 1340368 255976d3ae74ca14515472d488901e64\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 58312188 d2f094e801e33e16a9446fe3572ca610\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 355658 a95ec7dcf56c20b954aee8ff10b0f173\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 4739266 4143c9da6aa61901a3625d77c5c3c153\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 96074 140da2f0044b74ad4383d25ed34fc468\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 5280406 781a99fd06622a1990eaabd07d2e2712\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_hppa.deb\n Size/MD5 checksum: 1465076 dbd19481eb0e288eb7feeb31166821b4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 94586 eb2c6657681088447e0a585adf983138\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 1066694 0c65ef16a35d69e972071299e1d3a13e\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 4550080 81753f24013af9c577c7eb771434afbc\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 4199428 bbf899840ae7286865a92c9e17940291\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 312216 48fc45a20df755a11f06e17b34800fa6\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 57201286 b3050cfaf7da40499b893a10d34303f0\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 1251866 754eca55b5ff761ac5bcaf210561dd72\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 746044 b488d7f7346dabef14ca25337efc5b94\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_i386.deb\n Size/MD5 checksum: 1166868 5c6e7224ac092a5d662c21348bab2faf\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 60656170 7b72a4b2d98515ee515a7f10c9de1054\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 1157546 51a41ba4dbacde924848a945a1f81b21\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 5375122 f5650dc28f8d1904477f84fa002a53ff\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 1740530 5203ed92c63ece02d823fa33bba90f19\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 6199458 d80d3c0c99eedff63b6232e19c5251fa\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 462094 4dbedf485d1ec9b8f58da266dc8d401c\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 905070 433ea41ca28261e92f47f743963f1468\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 1546870 a689b021b507768cd7d0baeb2754934a\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_ia64.deb\n Size/MD5 checksum: 108218 fa39a4c25e8bda9df57226b85922ac14\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 775224 97d4a39c282ca5a44ba10d74c6e1074d\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 1267642 52a55aac3703510174eff514946e4621\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 4575350 ee7acf7cc6cebaf05ddd3a31a1fadf27\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 4509728 db94a4a237eaefa2bf447f94bc888ec9\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 1093532 d0aa4bcf536d5d7989cd8071af33217c\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 60613590 1b0d386bcca8a00db87ca5a4e23e402a\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 1180824 54c2a87fd8d67361ebf5c78270f6a66b\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 320206 7789c807a1fe31b4864c0c7807d4726f\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mips.deb\n Size/MD5 checksum: 89790 7d8dc360830c9e26886997b7d936f865\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 58682414 6ccf415d98066de8c88740f333650e75\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 88984 f0d917896869a60c73d04143da8eb9ed\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 4501958 e639d6d42ebcf1740d89aab3d0bb2349\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 1244648 a61de73073314a993b1c496269f2386b\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 1165558 56cdfe56228f4997fdb4d55de9fe69c7\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 767872 12efd46d666b5bba92988f8978d9de2f\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 1084962 c84ae262e8e990b023b983398c2fa264\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 317962 86654f4e48815b73433cc490552bac34\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mipsel.deb\n Size/MD5 checksum: 4458462 b7da275811d0876147c89679719e6bda\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 1260698 434fe2dea53091d065a051ebdfd185df\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 314962 62d1fc646a8c3bfb4088de4cf8eefd0c\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 745092 1e2dbc6fcf92f9d7dd4dab742801b2b5\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 92554 b8b238fa9a91213c282d6acb4a36c01a\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 4305914 ec352d9fa9ba15e7ad8d3208a1f4e88f\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 1091118 3adfc9ee772f23aa0d0d86be3ae7b701\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 4613226 3d8e6ecb9ff861f444b04e5c0032f6d5\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 59534372 abe612c0bd5106df037b8d13773474b1\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_powerpc.deb\n Size/MD5 checksum: 1208706 80591ac1f934fc4586cf75c3f18a2ef9\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 1293112 98d87330afadfceeb02a9485ae462f09\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 755026 9f57b048c549abf1d5afbce1254c0866\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 1234676 e0ebb9c25313368b191a1787abf45068\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 334764 0c2bc32d9b9b556c36afd728ca611dd8\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 60276010 62f1448ae21529981eaf5c951e88934c\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 84988 59d44e33d426d4c0cd33cc73d2408bfb\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 4187694 c96e42864ad741ce3937df5b3d6a4859\n http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 1055562 c7991163a1460813235e40bedb1a09de\n http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_s390.deb\n Size/MD5 checksum: 4604590 fb787e541f7e908a2de260a59c4273a3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2007-05-15T00:00:00", "published": "2007-05-15T00:00:00", "id": "DEBIAN:DSA-1292-1:E639E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00048.html", "title": "[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0883\n\n\nQt is a software toolkit that simplifies the task of writing and\r\nmaintaining GUI (Graphical User Interface) applications for the X Window\r\nSystem.\r\n\r\nA flaw was found in the way Qt expanded certain UTF8 characters. It was\r\npossible to prevent a Qt-based application from properly sanitizing user\r\nsupplied input. This could, for example, result in a cross-site scripting\r\nattack against the Konqueror web browser. (CVE-2007-0242)\r\n\r\nA buffer overflow flaw was found in the way Qt expanded malformed Unicode\r\nstrings. If an application linked against Qt parsed a malicious Unicode\r\nstring, it could lead to a denial of service or possibly allow the\r\nexecution of arbitrary code. (CVE-2007-4137)\r\n\r\nUsers of Qt should upgrade to these updated packages, which contain a\r\nbackported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014190.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014191.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014192.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014193.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014194.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014195.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014199.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014200.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014235.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014236.html\n\n**Affected packages:**\nqt\nqt-MySQL\nqt-ODBC\nqt-PostgreSQL\nqt-config\nqt-designer\nqt-devel\nqt-devel-docs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0883.html", "modified": "2007-09-25T10:22:18", "published": "2007-09-13T18:50:19", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/014190.html", "id": "CESA-2007:0883", "title": "qt security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1324\n\n\nQt 4 is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem. HarfBuzz is an OpenType text shaping engine.\n\nA flaw in the way Qt 4 expanded certain UTF-8 characters could be used to\nprevent a Qt 4 based application from properly sanitizing user input.\nDepending on the application, this could allow an attacker to perform\ndirectory traversal, or for web applications, a cross-site scripting (XSS)\nattack. (CVE-2007-0242)\n\nA buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user\nloaded a specially-crafted font file with an application linked against Qt\n4, it could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2011-3193)\n\nUsers of Qt 4 should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications linked\nagainst Qt 4 libraries must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017754.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017755.html\n\n**Affected packages:**\nqt4\nqt4-devel\nqt4-doc\nqt4-mysql\nqt4-odbc\nqt4-postgresql\nqt4-sqlite\n\n**Upstream details at:**\n", "modified": "2011-09-21T23:19:28", "published": "2011-09-21T23:19:27", "href": "http://lists.centos.org/pipermail/centos-announce/2011-September/017754.html", "id": "CESA-2011:1324", "title": "qt4 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0883-01\n\n\nQt is a software toolkit that simplifies the task of writing and\r\nmaintaining GUI (Graphical User Interface) applications for the X Window\r\nSystem.\r\n\r\nA flaw was found in the way Qt expanded certain UTF8 characters. It was\r\npossible to prevent a Qt-based application from properly sanitizing user\r\nsupplied input. This could, for example, result in a cross-site scripting\r\nattack against the Konqueror web browser. (CVE-2007-0242)\r\n\r\nA buffer overflow flaw was found in the way Qt expanded malformed Unicode\r\nstrings. If an application linked against Qt parsed a malicious Unicode\r\nstring, it could lead to a denial of service or possibly allow the\r\nexecution of arbitrary code. (CVE-2007-4137)\r\n\r\nUsers of Qt should upgrade to these updated packages, which contain a\r\nbackported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/014198.html\n\n**Affected packages:**\nqt\nqt-Xt\nqt-designer\nqt-devel\nqt-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-09-14T01:30:43", "published": "2007-09-14T01:30:43", "href": "http://lists.centos.org/pipermail/centos-announce/2007-September/014198.html", "id": "CESA-2007:0883-01", "title": "qt security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0909\n\n\nThe kdelibs package provides libraries for the K Desktop Environment (KDE).\r\n\r\nTwo cross-site-scripting flaws were found in the way Konqueror processes\r\ncertain HTML content. This could result in a malicious attacker presenting\r\nmisleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)\r\n\r\nA flaw was found in KDE JavaScript implementation. A web page containing\r\nmalicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)\r\n\r\nA flaw was found in the way Konqueror handled certain FTP PASV commands.\r\nA malicious FTP server could use this flaw to perform a rudimentary\r\nport-scan of machines behind a user's firewall. (CVE-2007-1564)\r\n\r\nTwo Konqueror address spoofing flaws have been discovered. It was\r\npossible for a malicious website to cause the Konqueror address bar to\r\ndisplay information which could trick a user into believing they are at a \r\ndifferent website than they actually are. (CVE-2007-3820, CVE-2007-4224)\r\n\r\nUsers of KDE should upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014284.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014286.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014292.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014293.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014300.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-October/014301.html\n\n**Affected packages:**\nkdelibs\nkdelibs-apidocs\nkdelibs-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0909.html", "modified": "2007-10-14T00:42:51", "published": "2007-10-08T18:49:50", "href": "http://lists.centos.org/pipermail/centos-announce/2007-October/014284.html", "id": "CESA-2007:0909", "title": "kdelibs security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:32", "bulletinFamily": "unix", "description": "Qt 4 is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem. HarfBuzz is an OpenType text shaping engine.\n\nA flaw in the way Qt 4 expanded certain UTF-8 characters could be used to\nprevent a Qt 4 based application from properly sanitizing user input.\nDepending on the application, this could allow an attacker to perform\ndirectory traversal, or for web applications, a cross-site scripting (XSS)\nattack. (CVE-2007-0242)\n\nA buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user\nloaded a specially-crafted font file with an application linked against Qt\n4, it could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2011-3193)\n\nUsers of Qt 4 should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications linked\nagainst Qt 4 libraries must be restarted for this update to take effect.\n", "modified": "2017-09-08T12:07:26", "published": "2011-09-21T04:00:00", "id": "RHSA-2011:1324", "href": "https://access.redhat.com/errata/RHSA-2011:1324", "type": "redhat", "title": "(RHSA-2011:1324) Moderate: qt4 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "description": "Qt is a software toolkit that simplifies the task of writing and\r\nmaintaining GUI (Graphical User Interface) applications for the X Window\r\nSystem.\r\n\r\nA flaw was found in the way Qt expanded certain UTF8 characters. It was\r\npossible to prevent a Qt-based application from properly sanitizing user\r\nsupplied input. This could, for example, result in a cross-site scripting\r\nattack against the Konqueror web browser. (CVE-2007-0242)\r\n\r\nA buffer overflow flaw was found in the way Qt expanded malformed Unicode\r\nstrings. If an application linked against Qt parsed a malicious Unicode\r\nstring, it could lead to a denial of service or possibly allow the\r\nexecution of arbitrary code. (CVE-2007-4137)\r\n\r\nUsers of Qt should upgrade to these updated packages, which contain a\r\nbackported patch to correct these issues.", "modified": "2019-03-22T23:42:35", "published": "2007-09-13T04:00:00", "id": "RHSA-2007:0883", "href": "https://access.redhat.com/errata/RHSA-2007:0883", "type": "redhat", "title": "(RHSA-2007:0883) Important: qt security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "description": "The kdelibs package provides libraries for the K Desktop Environment (KDE).\r\n\r\nTwo cross-site-scripting flaws were found in the way Konqueror processes\r\ncertain HTML content. This could result in a malicious attacker presenting\r\nmisleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)\r\n\r\nA flaw was found in KDE JavaScript implementation. A web page containing\r\nmalicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)\r\n\r\nA flaw was found in the way Konqueror handled certain FTP PASV commands.\r\nA malicious FTP server could use this flaw to perform a rudimentary\r\nport-scan of machines behind a user's firewall. (CVE-2007-1564)\r\n\r\nTwo Konqueror address spoofing flaws have been discovered. It was\r\npossible for a malicious website to cause the Konqueror address bar to\r\ndisplay information which could trick a user into believing they are at a \r\ndifferent website than they actually are. (CVE-2007-3820, CVE-2007-4224)\r\n\r\nUsers of KDE should upgrade to these updated packages, which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:14:05", "published": "2007-10-08T04:00:00", "id": "RHSA-2007:0909", "href": "https://access.redhat.com/errata/RHSA-2007:0909", "type": "redhat", "title": "(RHSA-2007:0909) Moderate: kdelibs security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "unix", "description": "[4.2.1-1.1]\n- Resolves: #737815, qt/harfbuzz buffer overflow, CVE-2011-3193\n- Resolves: #234633, UTF-8 overlong sequence decoding vulnerability, CVE-2007-0242", "modified": "2011-09-21T00:00:00", "published": "2011-09-21T00:00:00", "id": "ELSA-2011-1324", "href": "http://linux.oracle.com/errata/ELSA-2011-1324.html", "title": "qt4 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "unix", "description": " [3.3.6-23]\n - Resolves: #277011, Qt UTF8 improper character expansion, CVE-2007-0242\n - Resolves: #269141, Qt off by one buffer overflow, CVE-2007-413 ", "modified": "2007-09-13T00:00:00", "published": "2007-09-13T00:00:00", "id": "ELSA-2007-0883", "href": "http://linux.oracle.com/errata/ELSA-2007-0883.html", "title": "Important: qt security update ", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:22", "bulletinFamily": "unix", "description": " [3.5.4-13.el5.0.1]\n - Remove Version branding\n - Maximum rpm trademark logos removed (pics/crystalsvg/*-mime-rpm*)\n \n [3.5.4-13.el5]\n - Resolves: #293571\n CVE-2007-0537 Konqueror improper HTML comment rendering\n CVE-2007-1564 FTP protocol PASV design flaw affects konqueror\n \n [3.5.4-12.el5]\n - resolves: #293421, CVE-2007-3820 CVE-2007-4224 CVE-2007-4225\n - Resolves: #293911, UTF-8 overlong sequence decoding vulnerability, \n CVE-2007-0242\n - Resolves: #293571, Konqueror improper HTML comment rendering, \n CVE-2007-0537 ", "modified": "2007-10-08T00:00:00", "published": "2007-10-08T00:00:00", "id": "ELSA-2007-0909", "href": "http://linux.oracle.com/errata/ELSA-2007-0909.html", "title": "Moderate: kdelibs security update ", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}