Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310870493
HistorySep 23, 2011 - 12:00 a.m.

RedHat Update for qt4 RHSA-2011:1324-01

2011-09-2300:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
13

6.8 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2011-September/msg00036.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870493");
  script_version("2024-03-21T05:06:54+0000");
  script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
  script_tag(name:"creation_date", value:"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name:"RHSA", value:"2011:1324-01");
  script_cve_id("CVE-2007-0242", "CVE-2011-3193");
  script_name("RedHat Update for qt4 RHSA-2011:1324-01");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'qt4'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
  script_tag(name:"affected", value:"qt4 on Red Hat Enterprise Linux (v. 5 server)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"insight", value:"Qt 4 is a software toolkit that simplifies the task of writing and
  maintaining GUI (Graphical User Interface) applications for the X Window
  System. HarfBuzz is an OpenType text shaping engine.

  A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to
  prevent a Qt 4 based application from properly sanitizing user input.
  Depending on the application, this could allow an attacker to perform
  directory traversal, or for web applications, a cross-site scripting (XSS)
  attack. (CVE-2007-0242)

  A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user
  loaded a specially-crafted font file with an application linked against Qt
  4, it could cause the application to crash or, possibly, execute arbitrary
  code with the privileges of the user running the application.
  (CVE-2011-3193)

  Users of Qt 4 should upgrade to these updated packages, which contain
  backported patches to correct these issues. All running applications linked
  against Qt 4 libraries must be restarted for this update to take effect.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"qt4", rpm:"qt4~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-debuginfo", rpm:"qt4-debuginfo~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-devel", rpm:"qt4-devel~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-doc", rpm:"qt4-doc~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-mysql", rpm:"qt4-mysql~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-odbc", rpm:"qt4-odbc~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-postgresql", rpm:"qt4-postgresql~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qt4-sqlite", rpm:"qt4-sqlite~4.2.1~1.el5_7.1", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

openvas 52
nessus 47
oraclelinux 8
centos 7
redhat 8
debian 3
prion 2
veracode 2
ubuntucve 2
slackware 1
debiancve 2
cve 2
securityvulns 1
cvelist 2
ubuntu 2
gentoo 1
osv 1
fedora 1
openvas
openvas
RedHat Update for qt4 RHSA-2011:1324-01
2011-09-23 00:00:00
CentOS Update for qt4 CESA-2011:1324 centos5 i386
2011-09-23 00:00:00
Oracle: Security Advisory (ELSA-2011-1324)
2015-10-06 00:00:00
nessus
nessus
RHEL 5 : qt4 (RHSA-2011:1324)
2011-09-22 00:00:00
Scientific Linux Security Update : qt4 on SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 5 : qt4 (ELSA-2011-1324)
2013-07-12 00:00:00
oraclelinux
oraclelinux
qt4 security update
2011-09-21 00:00:00
evolution28-pango security update
2011-09-21 00:00:00
pango security update
2011-09-21 00:00:00
centos
centos
qt4 security update
2011-09-22 03:19:27
evolution28 security update
2011-09-22 20:48:41
frysk security update
2011-09-22 20:50:51
redhat
redhat
(RHSA-2011:1324) Moderate: qt4 security update
2011-09-21 00:00:00
(RHSA-2011:1327) Moderate: frysk security update
2011-09-21 00:00:00
(RHSA-2011:1326) Moderate: pango security update
2011-09-21 00:00:00
debian
debian
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 22:22:07
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 00:00:00
[SECURITY] [DLA 117-1] qt4-x11 security update
2014-12-21 16:30:25
prion
prion
Cross site scripting
2007-04-03 16:19:00
Heap overflow
2012-06-16 00:55:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:17:41
Denial Of Service (DoS)
2020-04-10 01:02:50
ubuntucve
ubuntucve
CVE-2007-0242
2007-04-03 00:00:00
CVE-2011-3193
2012-06-15 00:00:00
slackware
slackware
[slackware-security] qt
2007-04-03 23:23:35
debiancve
debiancve
CVE-2007-0242
2007-04-03 16:19:00
CVE-2011-3193
2012-06-16 00:55:03
cve
cve
CVE-2007-0242
2007-04-03 16:19:00
CVE-2011-3193
2012-06-16 00:55:03
securityvulns
securityvulns
QT / KJS UTF-8 decoding security vulnerability
2007-04-05 00:00:00
cvelist
cvelist
CVE-2007-0242
2007-04-03 16:00:00
CVE-2011-3193
2012-06-16 00:00:00
ubuntu
ubuntu
KDE library vulnerability
2007-04-11 00:00:00
Qt vulnerabilities
2012-07-11 00:00:00
gentoo
gentoo
QtCore, QtGui: Multiple vulnerabilities
2013-11-22 00:00:00
osv
osv
qt4-x11 - security update
2014-12-21 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: qt-3.3.8-2.fc6
2007-09-18 22:38:37

6.8 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for OPENVAS:1361412562310870493
openvas52nessus47oraclelinux8centos7redhat8debian3prion2veracode2ubuntucve2slackware1debiancve2cve2securityvulns1cvelist2ubuntu2gentoo1osv1fedora1