ID OPENVAS:841319 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2017-12-01T00:00:00
Description
Check for the Version of qt4-x11
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1723_1.nasl 7958 2017-12-01 06:47:47Z santu $
#
# Ubuntu Update for qt4-x11 USN-1723-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting
requests from http to file schemes. If an attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,
and Ubuntu 12.10. (CVE-2012-5624)
Stephen Cheng discovered that Qt may report incorrect errors when ssl
certificate verification fails. (CVE-2012-6093)
Tim Brown and Mark Lowe discovered that Qt incorrectly used weak
permissions on shared memory segments. A local attacker could use this
issue to view sensitive information, or modify program data belonging to
other users. (CVE-2013-0254)";
tag_affected = "qt4-x11 on Ubuntu 12.10 ,
Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1723-1/");
script_id(841319);
script_version("$Revision: 7958 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)");
script_cve_id("CVE-2012-5624", "CVE-2012-6093", "CVE-2013-0254");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_xref(name: "USN", value: "1723-1");
script_name("Ubuntu Update for qt4-x11 USN-1723-1");
script_summary("Check for the Version of qt4-x11");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.8.1-0ubuntu4.4", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.8.1-0ubuntu4.4", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.7.4-0ubuntu8.3", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.7.4-0ubuntu8.3", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.6.2-0ubuntu5.6", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.6.2-0ubuntu5.6", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU12.10")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.8.3+dfsg-0ubuntu3.1", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.8.3+dfsg-0ubuntu3.1", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Ubuntu Local Security Checks", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1723-1/", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "modified", "hash": "4177cfab30bf9f48767b3f5f7a715513"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "references", "hash": "b6ec90ce9bc66e205aac16e345443bda"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": "2df22ed17f66640a50bc028711af54ec"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=841319", "modified": "2017-12-01T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "hash": "f1c50f187c5a13b37aea9b77d0d1e7fd05eba655439a63e22cb21bc6e0ab3dba", "edition": 3, "published": "2013-02-15T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-25T10:52:12", "bulletin": {"hash": "45e262e43aba7292d798267b553d8c1b0c62e5c79178b9c264fdf577d3b7c7f2", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "sourceData", "hash": "f5dceedff5b93b82bfd88e94d1ec6b4e"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 2, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 6644 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:01:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-25T10:52:12", "pluginID": "841319"}, "differentElements": ["references", "modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:11:24", "bulletin": {"hash": "dd49492c691be6c408c1813ba505b84ae3b6888fcedf144e0833dd2f50c9b7d4", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "sourceData", "hash": "2472c4603a7a7fa8df6d8e933961b2f2"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "7051729c0f7d59754d3ea03444ffd611"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2016-03-24T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 2930 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-03-24 09:09:53 +0100 (Thu, 24 Mar 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:canonical:ubuntu_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-02T21:11:24", "pluginID": "841319"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-12-04T11:22:26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1723_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1723-1/\");\n script_id(841319);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "841319"}
{"result": {"cve": [{"lastseen": "2016-09-03T17:51:41", "references": ["http://rhn.redhat.com/errata/RHSA-2013-0669.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html", "https://bugzilla.redhat.com/show_bug.cgi?id=907425", "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html"], "edition": 1, "description": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.", "reporter": "NVD", "published": "2013-02-06T07:05:43", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "CVE-2013-0254", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0254"], "scanner": [], "modified": "2013-05-14T23:34:05", "cpe": ["cpe:/a:digia:qt:4.7.6", "cpe:/a:digia:qt:4.2.3", "cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.0.1", "cpe:/a:digia:qt:4.4.3", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:2.0.2", "cpe:/a:digia:qt:1.43", "cpe:/a:digia:qt:4.3.1", "cpe:/a:digia:qt:3.3.1", "cpe:/a:digia:qt:4.5.2", "cpe:/a:digia:qt:1.42", "cpe:/a:digia:qt:1.41", "cpe:/a:digia:qt:4.6.3", "cpe:/a:digia:qt:4.3.5", "cpe:/a:digia:qt:4.3.0", "cpe:/a:digia:qt:4.3.2", "cpe:/a:digia:qt:4.1.4", "cpe:/a:digia:qt:5.0.1", "cpe:/a:digia:qt:3.3.5", "cpe:/a:digia:qt:4.8.5", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:3.3.4", "cpe:/a:digia:qt:4.2.0", "cpe:/a:digia:qt:4.8.4", "cpe:/a:digia:qt:4.3.3", "cpe:/a:digia:qt:4.5.0", "cpe:/a:digia:qt:4.2.1", "cpe:/a:digia:qt:5.0.0", "cpe:/a:digia:qt:3.3.0", "cpe:/a:digia:qt:3.3.6", "cpe:/a:digia:qt:1.45", "cpe:/a:digia:qt:4.6.4", "cpe:/a:digia:qt:2.0.0", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.5.1", "cpe:/a:digia:qt:4.1.5", "cpe:/a:digia:qt:4.5.3", "cpe:/a:digia:qt:4.1.2", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.4.2", "cpe:/a:digia:qt:4.1.0", "cpe:/a:digia:qt:4.3.4", "cpe:/a:digia:qt:2.0.1", "cpe:/a:digia:qt:4.4.1", "cpe:/a:digia:qt:3.3.3", "cpe:/a:digia:qt:4.1.3", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:1.44", "cpe:/a:digia:qt:4.1.1", "cpe:/a:digia:qt:4.0.0", "cpe:/a:digia:qt:4.6.2", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:3.3.2", "cpe:/a:digia:qt:4.4.0", "cpe:/a:digia:qt:4.6.5", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0254", "id": "CVE-2013-0254", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T17:17:35", "references": ["http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html", "https://codereview.qt-project.org/#change,40034", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html", "http://www.ubuntu.com/usn/USN-1723-1", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html", "http://www.openwall.com/lists/oss-security/2012/12/04/8", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html", "https://bugzilla.redhat.com/show_bug.cgi?id=883415"], "edition": 1, "description": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.", "reporter": "NVD", "published": "2013-02-24T14:55:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2012-5624", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5624"], "scanner": [], "modified": "2013-02-26T00:00:00", "cpe": ["cpe:/a:digia:qt:4.7.6", "cpe:/a:digia:qt:4.2.3", "cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.0.1", "cpe:/a:digia:qt:4.4.3", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:4.7.6:rc", "cpe:/a:digia:qt:2.0.2", "cpe:/a:digia:qt:1.43", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/a:digia:qt:4.3.1", "cpe:/a:digia:qt:3.3.1", "cpe:/a:digia:qt:4.5.2", "cpe:/a:digia:qt:1.42", "cpe:/a:digia:qt:1.41", "cpe:/a:digia:qt:4.6.3", "cpe:/a:digia:qt:4.3.5", "cpe:/a:digia:qt:4.3.0", "cpe:/a:digia:qt:4.3.2", "cpe:/a:digia:qt:4.1.4", "cpe:/a:digia:qt:3.3.5", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:3.3.4", "cpe:/a:digia:qt:4.2.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/a:digia:qt:4.3.3", "cpe:/a:digia:qt:4.5.0", "cpe:/a:digia:qt:4.2.1", "cpe:/a:digia:qt:3.3.0", "cpe:/a:digia:qt:3.3.6", "cpe:/a:digia:qt:1.45", "cpe:/a:digia:qt:4.6.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:digia:qt:2.0.0", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.5.1", "cpe:/a:digia:qt:4.1.5", "cpe:/a:digia:qt:4.5.3", "cpe:/a:digia:qt:4.1.2", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.4.2", "cpe:/a:digia:qt:4.1.0", "cpe:/a:digia:qt:4.3.4", "cpe:/a:digia:qt:2.0.1", "cpe:/a:digia:qt:4.4.1", "cpe:/a:digia:qt:3.3.3", "cpe:/a:digia:qt:4.1.3", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:1.44", "cpe:/a:digia:qt:4.1.1", "cpe:/a:digia:qt:4.0.0", "cpe:/a:digia:qt:4.6.2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.6.0:rc1", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:4.6.5:rc", "cpe:/a:digia:qt:3.3.2", "cpe:/a:digia:qt:4.4.0", "cpe:/a:digia:qt:4.6.5", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5624", "id": "CVE-2012-5624", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T17:22:21", "references": ["http://www.openwall.com/lists/oss-security/2013/01/04/6", "https://codereview.qt-project.org/#change,42461", "http://www.ubuntu.com/usn/USN-1723-1", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html", "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html", "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582", "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29", "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html"], "edition": 1, "description": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.", "reporter": "NVD", "published": "2013-02-24T14:55:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2012-6093", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-6093"], "scanner": [], "modified": "2013-02-25T00:00:00", "cpe": ["cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:4.7.6:rc", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/a:digia:qt:4.6.3", "cpe:/o:novell:opensuse:11.4", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:4.8.4", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/a:digia:qt:4.6.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:4.6.2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.6.0:rc1", "cpe:/o:novell:opensuse:12.2", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:4.6.5:rc", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6093", "id": "CVE-2012-6093", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:21:00", "references": ["2013:0669-01", "https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html"], "pluginID": "1361412562310870969", "description": "Check for the Version of qt", "edition": 1, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "title": "RedHat Update for qt RHSA-2013:0669-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870969", "id": "OPENVAS:1361412562310870969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qt RHSA-2013:0669-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"qt on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870969\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:06 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0669-01\");\n script_name(\"RedHat Update for qt RHSA-2013:0669-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-debuginfo\", rpm:\"qt-debuginfo~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:24:08", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "2013:0669"], "pluginID": "1361412562310881696", "description": "Check for the Version of phonon-backend-gstreamer", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "type": "openvas", "title": "CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 ", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881696", "id": "OPENVAS:1361412562310881696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"phonon-backend-gstreamer on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881696\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:44 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0669\");\n script_name(\"CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 \");\n\n script_tag(name:\"summary\", value:\"Check for the Version of phonon-backend-gstreamer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-demos\", rpm:\"qt-demos~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-examples\", rpm:\"qt-examples~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-05T11:10:21", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html", "2013-2041"], "pluginID": "865355", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qt FEDORA-2013-2041", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865355", "id": "OPENVAS:865355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-2041\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html\");\n script_id(865355);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:14:35 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2041\");\n script_name(\"Fedora Update for qt FEDORA-2013-2041\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~11.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:52:21", "references": ["http://linux.oracle.com/errata/ELSA-2013-0669.html"], "pluginID": "1361412562310123656", "description": "Oracle Linux Local Security Checks ELSA-2013-0669", "edition": 2, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0669", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123656", "id": "OPENVAS:1361412562310123656", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2013-0669.nasl 6558 2017-07-06 11:56:55Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123656\");\nscript_version(\"$Revision: 6558 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:06:51 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:56:55 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2013-0669\");\nscript_tag(name: \"insight\", value: \"ELSA-2013-0669 - qt security update - [1:4.6.2-26]- Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2013-0669\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2013-0669.html\");\nscript_cve_id(\"CVE-2013-0254\");\nscript_tag(name:\"cvss_base\", value:\"3.6\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-demos\", rpm:\"qt-demos~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-examples\", rpm:\"qt-examples~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:52:02", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "2013:0669"], "pluginID": "881696", "description": "Check for the Version of phonon-backend-gstreamer", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "title": "CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881696", "id": "OPENVAS:881696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"phonon-backend-gstreamer on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\");\n script_id(881696);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:44 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0669\");\n script_name(\"CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 \");\n\n script_summary(\"Check for the Version of phonon-backend-gstreamer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-demos\", rpm:\"qt-demos~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-examples\", rpm:\"qt-examples~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-26T11:09:26", "references": ["2013:0669-01", "https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html"], "pluginID": "870969", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "RedHat Update for qt RHSA-2013:0669-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-01-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870969", "id": "OPENVAS:870969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qt RHSA-2013:0669-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"qt on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html\");\n script_id(870969);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:06 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0669-01\");\n script_name(\"RedHat Update for qt RHSA-2013:0669-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-debuginfo\", rpm:\"qt-debuginfo~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:21:09", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html", "2013-2041"], "pluginID": "1361412562310865355", "description": "Check for the Version of qt", "edition": 1, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-15T00:00:00", "title": "Fedora Update for qt FEDORA-2013-2041", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865355", "id": "OPENVAS:1361412562310865355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-2041\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865355\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:14:35 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2041\");\n script_name(\"Fedora Update for qt FEDORA-2013-2041\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~11.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:51:53", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099196.html", "2013-1997"], "pluginID": "865392", "description": "Check for the Version of qt", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qt FEDORA-2013-1997", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865392", "id": "OPENVAS:865392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-1997\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099196.html\");\n script_id(865392);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:22 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-1997\");\n script_name(\"Fedora Update for qt FEDORA-2013-1997\");\n\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~11.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:23:31", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099196.html", "2013-1997"], "pluginID": "1361412562310865392", "description": "Check for the Version of qt", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-01T00:00:00", "title": "Fedora Update for qt FEDORA-2013-1997", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865392", "id": "OPENVAS:1361412562310865392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-1997\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099196.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865392\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-01 11:08:22 +0530 (Fri, 01 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-1997\");\n script_name(\"Fedora Update for qt FEDORA-2013-1997\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~11.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:28:08", "references": ["https://security.gentoo.org/glsa/201311-14"], "pluginID": "1361412562310121073", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201311-14", "edition": 3, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201311-14", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121073", "id": "OPENVAS:1361412562310121073", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201311-14.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121073\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:26:19 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201311-14\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201311-14\");\nscript_cve_id(\"CVE-2011-3193\",\"CVE-2013-0254\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201311-14\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-qt/qtcore\", unaffected: make_list(\"ge 4.8.4-r2\"), vulnerable: make_list(\"lt 4.8.4-r2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-qt/qtgui\", unaffected: make_list(\"ge 4.8.4-r1\"), vulnerable: make_list(\"lt 4.8.4-r1\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2017-10-29T13:43:31", "references": ["http://www.nessus.org/u?16484364", "https://bugzilla.redhat.com/show_bug.cgi?id=907425"], "pluginID": "64603", "edition": 2, "description": "it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2013-02-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 18 : qt-4.8.4-11.fc18 (2013-2041)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:qt"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-2041.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64603", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2041.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64603);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-0254\");\n script_bugtraq_id(57772);\n script_xref(name:\"FEDORA\", value:\"2013-2041\");\n\n script_name(english:\"Fedora 18 : qt-4.8.4-11.fc18 (2013-2041)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"it fixes security flaw was found in the way QSharedMemory class,\nCVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=907425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16484364\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"qt-4.8.4-11.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-07-21T08:08:20", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-March/003378.html"], "pluginID": "68795", "description": "From Red Hat Security Advisory 2013:0669 :\n\nUpdated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "edition": 3, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : qt (ELSA-2013-0669)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:qt-doc", "p-cpe:/a:oracle:linux:qt-odbc", "p-cpe:/a:oracle:linux:phonon-backend-gstreamer", "p-cpe:/a:oracle:linux:qt-x11", "p-cpe:/a:oracle:linux:qt-mysql", "p-cpe:/a:oracle:linux:qt-sqlite", "p-cpe:/a:oracle:linux:qt-demos", "p-cpe:/a:oracle:linux:qt-examples", "p-cpe:/a:oracle:linux:qt-devel", "p-cpe:/a:oracle:linux:qt-postgresql", "p-cpe:/a:oracle:linux:qt"], "id": "ORACLELINUX_ELSA-2013-0669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0669 and \n# Oracle Linux Security Advisory ELSA-2013-0669 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68795);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0254\");\n script_bugtraq_id(57772);\n script_xref(name:\"RHSA\", value:\"2013:0669\");\n\n script_name(english:\"Oracle Linux 6 : qt (ELSA-2013-0669)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0669 :\n\nUpdated qt packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System.\n\nIt was discovered that the QSharedMemory class implementation of the\nQt toolkit created shared memory segments with insecure permissions. A\nlocal attacker could use this flaw to read or alter the contents of a\nparticular shared memory segment, possibly leading to their ability to\nobtain sensitive information or influence the behavior of a process\nthat is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003378.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"phonon-backend-gstreamer-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-devel-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-doc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-mysql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-odbc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-postgresql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-sqlite-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"qt-x11-4.6.2-26.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phonon-backend-gstreamer / qt / qt-demos / qt-devel / qt-doc / etc\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-07-03T09:29:22", "references": ["http://www.nessus.org/u?3fd9910e"], "pluginID": "65661", "description": "Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "edition": 3, "reporter": "Tenable", "published": "2013-03-24T00:00:00", "title": "CentOS 6 : qt (CESA-2013:0669)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-07-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qt-postgresql", "p-cpe:/a:centos:centos:qt-doc", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:qt", "p-cpe:/a:centos:centos:phonon-backend-gstreamer", "p-cpe:/a:centos:centos:qt-x11", "p-cpe:/a:centos:centos:qt-demos", "p-cpe:/a:centos:centos:qt-mysql", "p-cpe:/a:centos:centos:qt-odbc", "p-cpe:/a:centos:centos:qt-sqlite", "p-cpe:/a:centos:centos:qt-examples", "p-cpe:/a:centos:centos:qt-devel"], "id": "CENTOS_RHSA-2013-0669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0669 and \n# CentOS Errata and Security Advisory 2013:0669 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65661);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-0254\");\n script_bugtraq_id(57772);\n script_xref(name:\"RHSA\", value:\"2013:0669\");\n\n script_name(english:\"CentOS 6 : qt (CESA-2013:0669)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qt packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System.\n\nIt was discovered that the QSharedMemory class implementation of the\nQt toolkit created shared memory segments with insecure permissions. A\nlocal attacker could use this flaw to read or alter the contents of a\nparticular shared memory segment, possibly leading to their ability to\nobtain sensitive information or influence the behavior of a process\nthat is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fd9910e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"phonon-backend-gstreamer-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-devel-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-doc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-mysql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-odbc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-postgresql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-sqlite-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"qt-x11-4.6.2-26.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-15T15:12:33", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html"], "pluginID": "74917", "description": "libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).", "edition": 3, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0403-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource"], "id": "OPENSUSE-2013-179.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-179.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74917);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2013-0254\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2013:0403-1)\");\n script_summary(english:\"Check for the openSUSE-2013-179 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 was updated to fix a information disclosure via QSharedMemory\n(CVE-2013-0254).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debugsource-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-data-4.8.1-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debuginfo-4.8.1-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debugsource-4.8.1-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-private-headers-devel-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-plugins-debugsource-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-debuginfo-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-4.8.1-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-debuginfo-4.8.1-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.1-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.1-2.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-07-30T13:53:42", "references": ["http://rhn.redhat.com/errata/RHSA-2013-0669.html", "https://www.redhat.com/security/data/cve/CVE-2013-0254.html"], "pluginID": "65652", "description": "Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-03-22T00:00:00", "title": "RHEL 6 : qt (RHSA-2013:0669)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-07-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qt-sqlite", "p-cpe:/a:redhat:enterprise_linux:qt-demos", "p-cpe:/a:redhat:enterprise_linux:qt", "p-cpe:/a:redhat:enterprise_linux:qt-devel", "p-cpe:/a:redhat:enterprise_linux:qt-debuginfo", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:qt-odbc", "p-cpe:/a:redhat:enterprise_linux:qt-mysql", "p-cpe:/a:redhat:enterprise_linux:qt-examples", "p-cpe:/a:redhat:enterprise_linux:phonon-backend-gstreamer", "p-cpe:/a:redhat:enterprise_linux:qt-postgresql", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:qt-x11", "p-cpe:/a:redhat:enterprise_linux:qt-doc"], "id": "REDHAT-RHSA-2013-0669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0669. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65652);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-0254\");\n script_bugtraq_id(57772);\n script_xref(name:\"RHSA\", value:\"2013:0669\");\n\n script_name(english:\"RHEL 6 : qt (RHSA-2013:0669)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qt packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X\nWindow System.\n\nIt was discovered that the QSharedMemory class implementation of the\nQt toolkit created shared memory segments with insecure permissions. A\nlocal attacker could use this flaw to read or alter the contents of a\nparticular shared memory segment, possibly leading to their ability to\nobtain sensitive information or influence the behavior of a process\nthat is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications\nlinked against Qt libraries must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0254.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0669.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:phonon-backend-gstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0669\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"phonon-backend-gstreamer-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-debuginfo-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-devel-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-doc-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-mysql-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-odbc-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-postgresql-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-sqlite-4.6.2-26.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"qt-x11-4.6.2-26.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phonon-backend-gstreamer / qt / qt-debuginfo / qt-demos / qt-devel / etc\");\n }\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-29T13:39:47", "references": ["http://www.nessus.org/u?8a0593a4"], "pluginID": "65654", "description": "It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nAll running applications linked against Qt libraries must be restarted for this update to take effect.", "edition": 2, "reporter": "Tenable", "published": "2013-03-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Scientific Linux Security Update : qt on SL6.x i386/x86_64", "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "modified": "2013-03-22T00:00:00", "id": "SL_20130321_QT_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65654);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/03/22 10:44:21 $\");\n\n script_cve_id(\"CVE-2013-0254\");\n\n script_name(english:\"Scientific Linux Security Update : qt on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the QSharedMemory class implementation of the\nQt toolkit created shared memory segments with insecure permissions. A\nlocal attacker could use this flaw to read or alter the contents of a\nparticular shared memory segment, possibly leading to their ability to\nobtain sensitive information or influence the behavior of a process\nthat is using the shared memory segment. (CVE-2013-0254)\n\nAll running applications linked against Qt libraries must be restarted\nfor this update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=5398\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a0593a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"phonon-backend-gstreamer-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-debuginfo-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-demos-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-devel-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-doc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-examples-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-mysql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-odbc-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-postgresql-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-sqlite-4.6.2-26.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qt-x11-4.6.2-26.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-29T13:39:13", "references": ["http://www.nessus.org/u?980fc87c", "https://bugzilla.redhat.com/show_bug.cgi?id=907425"], "pluginID": "64868", "edition": 2, "description": "it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2013-02-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 17 : qt-4.8.4-11.fc17 (2013-1997)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:17"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-1997.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64868", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-1997.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64868);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:37:39 $\");\n\n script_cve_id(\"CVE-2013-0254\");\n script_bugtraq_id(57772);\n script_xref(name:\"FEDORA\", value:\"2013-1997\");\n\n script_name(english:\"Fedora 17 : qt-4.8.4-11.fc17 (2013-1997)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"it fixes security flaw was found in the way QSharedMemory class,\nCVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=907425\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099196.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?980fc87c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"qt-4.8.4-11.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-15T15:36:30", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html"], "pluginID": "74916", "description": "libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).", "edition": 3, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0404-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-08-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit"], "id": "OPENSUSE-2013-178.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-178.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74916);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/13 14:32:39\");\n\n script_cve_id(\"CVE-2013-0254\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2013:0404-1)\");\n script_summary(english:\"Check for the openSUSE-2013-178 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 was updated to fix a information disclosure via QSharedMemory\n(CVE-2013-0254).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debugsource-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-private-headers-devel-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-debuginfo-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.7.4-19.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.7.4-19.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-10-29T13:39:53", "references": ["http://support.novell.com/security/cve/CVE-2013-0254.html", "https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://support.novell.com/security/cve/CVE-2012-6093.html", "https://bugzilla.novell.com/show_bug.cgi?id=784197", "https://bugzilla.novell.com/show_bug.cgi?id=797006"], "pluginID": "65568", "edition": 2, "description": "libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "reporter": "Tenable", "published": "2013-03-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-6093"], "cpe": ["p-cpe:/a:novell:suse_linux:11:libqt4-x11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libqt4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:11:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:11:libqt4", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql"], "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBQTWEBKIT-DEVEL-130302.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65568);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-6093\", \"CVE-2013-0254\");\n\n script_name(english:\"SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed\n which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error\n reporting when using a binary incompatible version of\n openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were\n blacklisted. Also a non-security bugfix has been \napplied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0254.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7441.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-29T13:45:54", "references": ["http://support.novell.com/security/cve/CVE-2013-0254.html", "https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://support.novell.com/security/cve/CVE-2012-6093.html", "https://bugzilla.novell.com/show_bug.cgi?id=784197", "https://bugzilla.novell.com/show_bug.cgi?id=797006"], "pluginID": "65567", "description": "libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "edition": 2, "reporter": "Tenable", "published": "2013-03-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-6093"], "cpe": ["p-cpe:/a:novell:suse_linux:11:libqt4-x11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:11:libqt4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:11:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:11:libqt4", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql"], "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBQTWEBKIT-DEVEL-130301.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65567);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-6093\", \"CVE-2013-0254\");\n\n script_name(english:\"SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed\n which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error\n reporting when using a binary incompatible version of\n openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were\n blacklisted. Also a non-security bugfix has been \napplied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0254.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7441.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-postgresql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-unixODBC-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:53", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0669.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-examples", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "packageName": "phonon-backend-gstreamer", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-examples", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-x11", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-demos", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-sqlite", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0669\n\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\n\n**Affected packages:**\nphonon-backend-gstreamer\nqt\nqt-demos\nqt-devel\nqt-doc\nqt-examples\nqt-mysql\nqt-odbc\nqt-postgresql\nqt-sqlite\nqt-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0669.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-21T22:39:15", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "phonon, qt security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "modified": "2013-03-21T22:39:15", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "id": "CESA-2013:0669", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:33", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "src", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "noarch", "packageName": "qt-doc", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}], "description": "Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-21T04:00:00", "type": "redhat", "title": "(RHSA-2013:0669) Moderate: qt security update", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:09", "id": "RHSA-2013:0669", "href": "https://access.redhat.com/errata/RHSA-2013:0669", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2016-09-04T11:16:45", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-x11", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-examples", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "packageName": "phonon-backend-gstreamer", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-demos", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-sqlite", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-examples", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-mysql", "arch": "x86_64", "operator": "lt"}], "description": "[1:4.6.2-26]\n- Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions", "edition": 1, "reporter": "Oracle", "published": "2013-03-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "qt security update", "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "modified": "2013-03-21T00:00:00", "id": "ELSA-2013-0669", "href": "http://linux.oracle.com/errata/ELSA-2013-0669.html", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "references": ["http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3193", "https://bugs.gentoo.org/show_bug.cgi?id=382171", "https://bugs.gentoo.org/show_bug.cgi?id=384103", "https://bugs.gentoo.org/show_bug.cgi?id=361401", "https://bugs.gentoo.org/show_bug.cgi?id=455884", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254", "http://blog.qt.digia.com/2011/09/02/what-the-diginotar-security-breach-means-for-qt-users/"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.8.4-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-qt/qtgui", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.8.4-r2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-qt/qtcore", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe Qt toolkit is a comprehensive C++ application development framework.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtCore users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtcore-4.8.4-r2\"\n \n\nAll QtGui users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtgui-4.8.4-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "reporter": "Gentoo Foundation", "published": "2013-11-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "QtCore, QtGui: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "modified": "2013-11-22T00:00:00", "id": "GLSA-201311-14", "href": "https://security.gentoo.org/glsa/201311-14", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:20:49", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0254", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-6093", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "4:4.8.1-0ubuntu4.4", "arch": "noarch", "packageName": "libqt4-network", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "4:4.8.3+dfsg-0ubuntu3.1", "arch": "noarch", "packageName": "libqt4-network", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4:4.6.2-0ubuntu5.6", "arch": "noarch", "packageName": "libqt4-network", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4:4.6.2-0ubuntu5.6", "arch": "noarch", "packageName": "libqt4-core", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "4:4.8.3+dfsg-0ubuntu3.1", "arch": "noarch", "packageName": "libqt4-core", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "4:4.7.4-0ubuntu8.3", "arch": "noarch", "packageName": "libqt4-core", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "4:4.8.1-0ubuntu4.4", "arch": "noarch", "packageName": "libqt4-core", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "4:4.7.4-0ubuntu8.3", "arch": "noarch", "packageName": "libqt4-network", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624)\n\nStephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093)\n\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254)", "edition": 1, "reporter": "Ubuntu", "published": "2013-02-14T00:00:00", "title": "Qt vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2013-02-14T00:00:00", "href": "https://usn.ubuntu.com/1723-1/", "id": "USN-1723-1", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2016-09-02T12:56:41", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-x11_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-x11", "operator": "lt"}], "description": "This update fixes multiple security issues in the Qt library.\n\n * [CVE-2013-0254](<https://security-tracker.debian.org/tracker/CVE-2013-0254>)\n\nThe QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.\n\n * [CVE-2015-0295](<https://security-tracker.debian.org/tracker/CVE-2015-0295>) / [CVE-2015-1858](<https://security-tracker.debian.org/tracker/CVE-2015-1858>) / [CVE-2015-1859](<https://security-tracker.debian.org/tracker/CVE-2015-1859>) / [CVE-2015-1860](<https://security-tracker.debian.org/tracker/CVE-2015-1860>)\n\nDenial of service (via segmentation faults) through crafted images (BMP, GIF, ICO).", "edition": 1, "reporter": "Debian", "published": "2015-04-30T00:00:00", "title": "qt4-x11 -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-04-30T00:00:00", "id": "DLA-210", "href": "http://www.debian.org/security/2015/dla-210", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}
