Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-2971-1.NASLHistoryJul 27, 2023 - 12:00 a.m.
SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2023:2971-1)
2023-07-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
suse sles12
security update
libqt5-qtbase
suse-su-2023-2971-1
denial of service
buffer over-read
qt
cve-2023-24607
cve-2023-33285
cve-2023-34410
cve-2023-38197
nessus
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
54.8%
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2971-1 advisory.
-
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. (CVE-2023-24607)
-
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1.
QDnsLookup has a buffer over-read via a crafted reply from a DNS server. (CVE-2023-33285) -
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.
Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. (CVE-2023-34410) -
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3.
There are infinite loops in recursive entity expansion. (CVE-2023-38197)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:2971-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(178923);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/27");
script_cve_id(
"CVE-2023-24607",
"CVE-2023-33285",
"CVE-2023-34410",
"CVE-2023-38197"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:2971-1");
script_name(english:"SUSE SLES12 Security Update : libqt5-qtbase (SUSE-SU-2023:2971-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:2971-1 advisory.
- Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used
and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x
before 6.4.3. (CVE-2023-24607)
- An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1.
QDnsLookup has a buffer over-read via a crafted reply from a DNS server. (CVE-2023-33285)
- An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2.
Certificate validation for TLS does not always consider whether the root of a chain is a configured CA
certificate. (CVE-2023-34410)
- An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3.
There are infinite loops in recursive entity expansion. (CVE-2023-38197)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213326");
# https://lists.suse.com/pipermail/sle-security-updates/2023-July/015645.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5743f639");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-24607");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-33285");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-34410");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-38197");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-34410");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Bootstrap-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Concurrent-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Concurrent5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Core-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Core-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Core5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5DBus-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5DBus-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5DBus5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Gui-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Gui-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Gui5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Network-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Network-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Network5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5OpenGL-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5OpenGL-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5OpenGL5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5OpenGLExtensions-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PlatformHeaders-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PlatformSupport-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PlatformSupport-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PrintSupport-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PrintSupport-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5PrintSupport5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql5-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql5-postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql5-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Sql5-unixODBC");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Test-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Test-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Test5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Widgets-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Widgets-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Widgets5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Xml-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libQt5Xml5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libqt5-qtbase-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libqt5-qtbase-private-headers-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libQt5Bootstrap-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Concurrent-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Concurrent5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Core-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Core-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Core5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5DBus-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5DBus-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5DBus5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Gui-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Gui-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Gui5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Network-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Network-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Network5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5OpenGL-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5OpenGL-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5OpenGL5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5OpenGLExtensions-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PlatformHeaders-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PlatformSupport-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PlatformSupport-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PrintSupport-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PrintSupport-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5PrintSupport5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql5-mysql-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql5-postgresql-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql5-sqlite-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Sql5-unixODBC-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Test-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Test-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Test5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Widgets-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Widgets-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Widgets5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Xml-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Xml5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libqt5-qtbase-common-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libqt5-qtbase-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libqt5-qtbase-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'libQt5Bootstrap-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Concurrent-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Core-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Core-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5DBus-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5DBus-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Gui-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Gui-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Network-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Network-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5OpenGL-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5OpenGL-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5OpenGLExtensions-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5PlatformHeaders-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5PlatformSupport-devel-static-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5PlatformSupport-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5PrintSupport-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5PrintSupport-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Sql-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Sql-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Test-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Test-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Widgets-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Widgets-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Xml-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libqt5-qtbase-common-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libqt5-qtbase-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libqt5-qtbase-private-headers-devel-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},
{'reference':'libQt5Concurrent5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Core5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5DBus5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Gui5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Network5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5OpenGL5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5PrintSupport5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Sql5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Sql5-mysql-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Sql5-postgresql-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Sql5-sqlite-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Sql5-unixODBC-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Test5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Widgets5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'libQt5Xml5-5.6.2-6.36.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libQt5Bootstrap-devel-static / libQt5Concurrent-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libqt5bootstrap-devel-static | p-cpe:/a:novell:suse_linux:libqt5bootstrap-devel-static |
| novell | suse_linux | libqt5concurrent-devel | p-cpe:/a:novell:suse_linux:libqt5concurrent-devel |
| novell | suse_linux | libqt5concurrent5 | p-cpe:/a:novell:suse_linux:libqt5concurrent5 |
| novell | suse_linux | libqt5core-devel | p-cpe:/a:novell:suse_linux:libqt5core-devel |
| novell | suse_linux | libqt5core-private-headers-devel | p-cpe:/a:novell:suse_linux:libqt5core-private-headers-devel |
| novell | suse_linux | libqt5core5 | p-cpe:/a:novell:suse_linux:libqt5core5 |
| novell | suse_linux | libqt5dbus-devel | p-cpe:/a:novell:suse_linux:libqt5dbus-devel |
| novell | suse_linux | libqt5dbus-private-headers-devel | p-cpe:/a:novell:suse_linux:libqt5dbus-private-headers-devel |
| novell | suse_linux | libqt5dbus5 | p-cpe:/a:novell:suse_linux:libqt5dbus5 |
| novell | suse_linux | libqt5gui-devel | p-cpe:/a:novell:suse_linux:libqt5gui-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38197
www.nessus.org/u?5743f639
bugzilla.suse.com/1209616
bugzilla.suse.com/1211642
bugzilla.suse.com/1211994
bugzilla.suse.com/1213326
www.suse.com/security/cve/CVE-2023-24607
www.suse.com/security/cve/CVE-2023-33285
www.suse.com/security/cve/CVE-2023-34410
www.suse.com/security/cve/CVE-2023-38197
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2971-1)
2023-07-27 00:00:00
openSUSE: Security Advisory for qt6 (SUSE-SU-2023:3225-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3207-1)
2023-08-08 00:00:00
nessus
nessus
almalinux
almalinux
Moderate: qt5-qtbase security update
2023-11-14 00:00:00
Moderate: qt5 security and bug fix update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:6967) Moderate: qt5-qtbase security update
2023-11-14 08:41:31
(RHSA-2023:6369) Moderate: qt5 security and bug fix update
2023-11-07 06:03:15
oraclelinux
oraclelinux
qt5-qtbase security update
2023-11-17 00:00:00
qt5 security and bug fix update
2023-11-12 00:00:00
osv
osv
Moderate: qt5-qtbase security update
2023-11-14 00:00:00
Moderate: qt5 security and bug fix update
2023-11-07 00:00:00
qtbase-opensource-src - security update
2024-05-01 00:00:00
debian
debian
[SECURITY] [DLA 3805-1] qtbase-opensource-src security update
2024-04-30 22:47:38
[SECURITY] [DLA 3539-1] qt4-x11 security update
2023-08-22 22:40:50
cve
cve
prion
prion
Code injection
2023-04-15 01:15:00
Privilege escalation
2023-07-13 02:15:00
Code injection
2023-06-05 03:15:00
cvelist
cvelist
cbl_mariner
cbl_mariner
CVE-2023-24607 affecting package qt5-qtbase 5.12.11-3
2023-05-03 19:35:26
CVE-2023-24607 affecting package qt5-qtbase for versions less than 5.15.9-1
2023-05-25 09:38:10
CVE-2023-38197 affecting package qt5-qtbase for versions less than 5.12.11-9
2023-08-10 16:37:57
nvd
nvd
amazon
amazon
Medium: qt5-qtbase
2023-05-11 17:49:00
Medium: qt5-qtbase
2023-06-21 19:11:00
Medium: qt
2023-06-21 19:11:00
ubuntucve
ubuntucve
redhatcve
redhatcve
fedora
fedora
[SECURITY] Fedora 37 Update: qt5-qtbase-5.15.8-5.fc37
2023-02-13 00:45:10
[SECURITY] Fedora 37 Update: qt6-qtbase-6.4.2-4.fc37
2023-02-13 00:45:12
[SECURITY] Fedora 36 Update: qt5-qtbase-5.15.8-5.fc36
2023-02-24 03:47:19
debiancve
debiancve
vulnrichment
vulnrichment
CVE-2023-24607
2023-04-15 00:00:00
qt
qt
Security advisory: Qt Network
2023-06-01 00:00:00
mageia
mageia
Updated qtbase5 packages fix security vulnerability
2023-02-21 00:25:36
ibm
ibm
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
54.8%
Related for SUSE_SU-2023-2971-1.NASL