{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Ubuntu Local Security Checks", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1723-1/", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "modified", "hash": "4177cfab30bf9f48767b3f5f7a715513"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "references", "hash": "b6ec90ce9bc66e205aac16e345443bda"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": "2df22ed17f66640a50bc028711af54ec"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=841319", "modified": "2017-12-01T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "hash": "f1c50f187c5a13b37aea9b77d0d1e7fd05eba655439a63e22cb21bc6e0ab3dba", "edition": 3, "published": "2013-02-15T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-25T10:52:12", "bulletin": {"hash": "45e262e43aba7292d798267b553d8c1b0c62e5c79178b9c264fdf577d3b7c7f2", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "sourceData", "hash": "f5dceedff5b93b82bfd88e94d1ec6b4e"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 2, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 6644 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:01:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-25T10:52:12", "pluginID": "841319"}, "differentElements": ["references", "modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:11:24", "bulletin": {"hash": "dd49492c691be6c408c1813ba505b84ae3b6888fcedf144e0833dd2f50c9b7d4", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "sourceData", "hash": "2472c4603a7a7fa8df6d8e933961b2f2"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "7051729c0f7d59754d3ea03444ffd611"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2016-03-24T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 2930 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-03-24 09:09:53 +0100 (Thu, 24 Mar 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:canonical:ubuntu_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-02T21:11:24", "pluginID": "841319"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-12-04T11:22:26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1723_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1723-1/\");\n script_id(841319);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "841319"}

{"cve": [{"lastseen": "2016-09-03T17:22:21", "references": ["http://www.openwall.com/lists/oss-security/2013/01/04/6", "https://codereview.qt-project.org/#change,42461", "http://www.ubuntu.com/usn/USN-1723-1", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html", "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "http://lists.qt-project.org/pipermail/announce/2013-January/000020.html", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html", "http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582", "http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29", "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html"], "edition": 1, "description": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.", "reporter": "NVD", "published": "2013-02-24T14:55:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2012-6093", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-6093"], "scanner": [], "modified": "2013-02-25T00:00:00", "cpe": ["cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:4.7.6:rc", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/a:digia:qt:4.6.3", "cpe:/o:novell:opensuse:11.4", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:4.8.4", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/a:digia:qt:4.6.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:4.6.2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.6.0:rc1", "cpe:/o:novell:opensuse:12.2", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:4.6.5:rc", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6093", "id": "CVE-2012-6093", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T17:17:35", "references": ["http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html", "https://codereview.qt-project.org/#change,40034", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html", "http://www.ubuntu.com/usn/USN-1723-1", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html", "http://www.openwall.com/lists/oss-security/2012/12/04/8", "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html", "https://bugzilla.redhat.com/show_bug.cgi?id=883415"], "edition": 1, "description": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.", "reporter": "NVD", "published": "2013-02-24T14:55:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2012-5624", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5624"], "scanner": [], "modified": "2013-02-26T00:00:00", "cpe": ["cpe:/a:digia:qt:4.7.6", "cpe:/a:digia:qt:4.2.3", "cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.0.1", "cpe:/a:digia:qt:4.4.3", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:4.7.6:rc", "cpe:/a:digia:qt:2.0.2", "cpe:/a:digia:qt:1.43", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/a:digia:qt:4.3.1", "cpe:/a:digia:qt:3.3.1", "cpe:/a:digia:qt:4.5.2", "cpe:/a:digia:qt:1.42", "cpe:/a:digia:qt:1.41", "cpe:/a:digia:qt:4.6.3", "cpe:/a:digia:qt:4.3.5", "cpe:/a:digia:qt:4.3.0", "cpe:/a:digia:qt:4.3.2", "cpe:/a:digia:qt:4.1.4", "cpe:/a:digia:qt:3.3.5", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:3.3.4", "cpe:/a:digia:qt:4.2.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/a:digia:qt:4.3.3", "cpe:/a:digia:qt:4.5.0", "cpe:/a:digia:qt:4.2.1", "cpe:/a:digia:qt:3.3.0", "cpe:/a:digia:qt:3.3.6", "cpe:/a:digia:qt:1.45", "cpe:/a:digia:qt:4.6.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:digia:qt:2.0.0", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.5.1", "cpe:/a:digia:qt:4.1.5", "cpe:/a:digia:qt:4.5.3", "cpe:/a:digia:qt:4.1.2", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.4.2", "cpe:/a:digia:qt:4.1.0", "cpe:/a:digia:qt:4.3.4", "cpe:/a:digia:qt:2.0.1", "cpe:/a:digia:qt:4.4.1", "cpe:/a:digia:qt:3.3.3", "cpe:/a:digia:qt:4.1.3", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:1.44", "cpe:/a:digia:qt:4.1.1", "cpe:/a:digia:qt:4.0.0", "cpe:/a:digia:qt:4.6.2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.6.0:rc1", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:4.6.5:rc", "cpe:/a:digia:qt:3.3.2", "cpe:/a:digia:qt:4.4.0", "cpe:/a:digia:qt:4.6.5", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5624", "id": "CVE-2012-5624", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T17:51:41", "references": ["http://rhn.redhat.com/errata/RHSA-2013-0669.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html", "https://bugzilla.redhat.com/show_bug.cgi?id=907425", "http://lists.qt-project.org/pipermail/announce/2013-February/000023.html", "http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html"], "edition": 1, "description": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.", "reporter": "NVD", "published": "2013-02-06T07:05:43", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "CVE-2013-0254", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0254"], "scanner": [], "modified": "2013-05-14T23:34:05", "cpe": ["cpe:/a:digia:qt:4.7.6", "cpe:/a:digia:qt:4.2.3", "cpe:/a:digia:qt:4.8.3", "cpe:/a:digia:qt:4.7.4", "cpe:/a:digia:qt:4.0.1", "cpe:/a:digia:qt:4.4.3", "cpe:/a:digia:qt:4.8.0", "cpe:/a:digia:qt:2.0.2", "cpe:/a:digia:qt:1.43", "cpe:/a:digia:qt:4.3.1", "cpe:/a:digia:qt:3.3.1", "cpe:/a:digia:qt:4.5.2", "cpe:/a:digia:qt:1.42", "cpe:/a:digia:qt:1.41", "cpe:/a:digia:qt:4.6.3", "cpe:/a:digia:qt:4.3.5", "cpe:/a:digia:qt:4.3.0", "cpe:/a:digia:qt:4.3.2", "cpe:/a:digia:qt:4.1.4", "cpe:/a:digia:qt:5.0.1", "cpe:/a:digia:qt:3.3.5", "cpe:/a:digia:qt:4.8.5", "cpe:/a:digia:qt:4.8.1", "cpe:/a:digia:qt:3.3.4", "cpe:/a:digia:qt:4.2.0", "cpe:/a:digia:qt:4.8.4", "cpe:/a:digia:qt:4.3.3", "cpe:/a:digia:qt:4.5.0", "cpe:/a:digia:qt:4.2.1", "cpe:/a:digia:qt:5.0.0", "cpe:/a:digia:qt:3.3.0", "cpe:/a:digia:qt:3.3.6", "cpe:/a:digia:qt:1.45", "cpe:/a:digia:qt:4.6.4", "cpe:/a:digia:qt:2.0.0", "cpe:/a:digia:qt:4.7.1", "cpe:/a:digia:qt:4.6.0", "cpe:/a:digia:qt:4.5.1", "cpe:/a:digia:qt:4.1.5", "cpe:/a:digia:qt:4.5.3", "cpe:/a:digia:qt:4.1.2", "cpe:/a:digia:qt:4.7.5", "cpe:/a:digia:qt:4.4.2", "cpe:/a:digia:qt:4.1.0", "cpe:/a:digia:qt:4.3.4", "cpe:/a:digia:qt:2.0.1", "cpe:/a:digia:qt:4.4.1", "cpe:/a:digia:qt:3.3.3", "cpe:/a:digia:qt:4.1.3", "cpe:/a:digia:qt:4.7.3", "cpe:/a:digia:qt:4.6.1", "cpe:/a:digia:qt:1.44", "cpe:/a:digia:qt:4.1.1", "cpe:/a:digia:qt:4.0.0", "cpe:/a:digia:qt:4.6.2", "cpe:/a:digia:qt:4.7.0", "cpe:/a:digia:qt:4.8.2", "cpe:/a:digia:qt:3.3.2", "cpe:/a:digia:qt:4.4.0", "cpe:/a:digia:qt:4.6.5", "cpe:/a:digia:qt:4.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0254", "id": "CVE-2013-0254", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29045"], "description": "Information leakage, incalid SSL error messages.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-02-18T00:00:00", "title": "Qt multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "qt", "version": "5.0", "operator": "eq"}, {"name": "qt", "version": "4.8", "operator": "eq"}], "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2013-02-18T00:00:00", "id": "SECURITYVULNS:VULN:12890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12890", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:47", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1723-1\r\nFebruary 14, 2013\r\n\r\nqt4-x11 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Qt.\r\n\r\nSoftware Description:\r\n- qt4-x11: Qt 4 libraries\r\n\r\nDetails:\r\n\r\nRichard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\r\nrequests from http to file schemes. If an attacker were able to perform a\r\nman-in-the-middle attack, this flaw could be exploited to view sensitive\r\ninformation. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\r\nand Ubuntu 12.10. &#40;CVE-2012-5624&#41;\r\n\r\nStephen Cheng discovered that Qt may report incorrect errors when ssl\r\ncertificate verification fails. &#40;CVE-2012-6093&#41;\r\n\r\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak\r\npermissions on shared memory segments. A local attacker could use this\r\nissue to view sensitive information, or modify program data belonging to\r\nother users. &#40;CVE-2013-0254&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n libqt4-core 4:4.8.3+dfsg-0ubuntu3.1\r\n libqt4-network 4:4.8.3+dfsg-0ubuntu3.1\r\n\r\nUbuntu 12.04 LTS:\r\n libqt4-core 4:4.8.1-0ubuntu4.4\r\n libqt4-network 4:4.8.1-0ubuntu4.4\r\n\r\nUbuntu 11.10:\r\n libqt4-core 4:4.7.4-0ubuntu8.3\r\n libqt4-network 4:4.7.4-0ubuntu8.3\r\n\r\nUbuntu 10.04 LTS:\r\n libqt4-core 4:4.6.2-0ubuntu5.6\r\n libqt4-network 4:4.6.2-0ubuntu5.6\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1723-1\r\n CVE-2012-5624, CVE-2012-6093, CVE-2013-0254\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.4\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.4-0ubuntu8.3\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubuntu5.6\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-02-18T00:00:00", "title": "[USN-1723-1] Qt vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:47", "vector": "NONE", "value": 2.1}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2013-02-18T00:00:00", "id": "SECURITYVULNS:DOC:29045", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29045", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:03:52", "references": [], "pluginID": "64638", "description": "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624)\n\nStephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093)\n\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-02-15T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qt4-x11 vulnerabilities (USN-1723-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2018-08-03T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libqt4-core", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libqt4-network", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1723-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1723-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64638);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/03 12:21:23\");\n\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_bugtraq_id(56807, 57162, 57772);\n script_xref(name:\"USN\", value:\"1723-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qt4-x11 vulnerabilities (USN-1723-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Richard J. Moore and Peter Hartmann discovered that Qt allowed\nredirecting requests from http to file schemes. If an attacker were\nable to perform a man-in-the-middle attack, this flaw could be\nexploited to view sensitive information. This issue only affected\nUbuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624)\n\nStephen Cheng discovered that Qt may report incorrect errors when ssl\ncertificate verification fails. (CVE-2012-6093)\n\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak\npermissions on shared memory segments. A local attacker could use this\nissue to view sensitive information, or modify program data belonging\nto other users. (CVE-2013-0254).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4-core and / or libqt4-network packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt4-network\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libqt4-core\", pkgver:\"4:4.6.2-0ubuntu5.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libqt4-network\", pkgver:\"4:4.6.2-0ubuntu5.6\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libqt4-core\", pkgver:\"4:4.7.4-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libqt4-network\", pkgver:\"4:4.7.4-0ubuntu8.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libqt4-core\", pkgver:\"4:4.8.1-0ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libqt4-network\", pkgver:\"4:4.8.1-0ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libqt4-core\", pkgver:\"4:4.8.3+dfsg-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libqt4-network\", pkgver:\"4:4.8.3+dfsg-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-core / libqt4-network\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:10:29", "references": ["http://support.novell.com/security/cve/CVE-2013-0254.html", "https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://support.novell.com/security/cve/CVE-2012-6093.html", "https://bugzilla.novell.com/show_bug.cgi?id=784197", "https://bugzilla.novell.com/show_bug.cgi?id=797006"], "pluginID": "65567", "description": "libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "edition": 4, "reporter": "Tenable", "published": "2013-03-15T00:00:00", "title": "SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-6093"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libqt4-x11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:11:libqt4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:11:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:11:libqt4", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql"], "id": "SUSE_11_LIBQTWEBKIT-DEVEL-130301.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65567);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-6093\", \"CVE-2013-0254\");\n\n script_name(english:\"SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed\n which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error\n reporting when using a binary incompatible version of\n openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were\n blacklisted. Also a non-security bugfix has been \napplied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0254.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7441.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-postgresql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-unixODBC-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:51:40", "references": ["http://support.novell.com/security/cve/CVE-2013-0254.html", "https://bugzilla.novell.com/show_bug.cgi?id=802634", "http://support.novell.com/security/cve/CVE-2012-6093.html", "https://bugzilla.novell.com/show_bug.cgi?id=784197", "https://bugzilla.novell.com/show_bug.cgi?id=797006"], "pluginID": "65568", "description": "libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "edition": 4, "reporter": "Tenable", "published": "2013-03-15T00:00:00", "title": "SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-6093"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libqt4-x11", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libqt4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:11:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:11:libqt4", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql"], "id": "SUSE_11_LIBQTWEBKIT-DEVEL-130302.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65568);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-6093\", \"CVE-2013-0254\");\n\n script_name(english:\"SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed\n which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error\n reporting when using a binary incompatible version of\n openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were\n blacklisted. Also a non-security bugfix has been \napplied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=802634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0254.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7441.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libQtWebKit4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libQtWebKit4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-qt3support-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-qt3support-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-mysql-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-sql-sqlite-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-x11-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libqt4-x11-32bit-4.6.3-5.20.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"qt4-x11-tools-4.6.3-5.20.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:08", "references": ["http://www.nessus.org/u?321247b7", "http://www.nessus.org/u?60074156", "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "http://www.nessus.org/u?712b48d2"], "pluginID": "63509", "description": "This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-14T00:00:00", "title": "Fedora 17 : qt-4.8.4-6.fc17 (2013-0277)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-0277.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0277.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63509);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:56 $\");\n\n script_cve_id(\"CVE-2012-6093\");\n script_bugtraq_id(57162);\n script_xref(name:\"FEDORA\", value:\"2013-0277\");\n\n script_name(english:\"Fedora 17 : qt-4.8.4-6.fc17 (2013-0277)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate\n verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage\ncontaining QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?712b48d2\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60074156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891955\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?321247b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"qt-4.8.4-6.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:03", "references": ["http://www.nessus.org/u?60074156", "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "http://www.nessus.org/u?712b48d2", "http://www.nessus.org/u?ff42639d"], "pluginID": "63649", "description": "This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-23T00:00:00", "title": "Fedora 18 : qt-4.8.4-6.fc18 (2013-0199)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:qt"], "id": "FEDORA_2013-0199.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63649", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0199.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63649);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:55 $\");\n\n script_cve_id(\"CVE-2012-6093\");\n script_bugtraq_id(57162);\n script_xref(name:\"FEDORA\", value:\"2013-0199\");\n\n script_name(english:\"Fedora 18 : qt-4.8.4-6.fc18 (2013-0199)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate\n verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage\ncontaining QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?712b48d2\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60074156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891955\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097266.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff42639d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"qt-4.8.4-6.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:38", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=784197", "https://bugzilla.novell.com/show_bug.cgi?id=797006", "http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html"], "pluginID": "75211", "description": "libqt4 was updated to fix various issues regarding to SSL and certificates.\n\n - various more compromised SSL root and intermediate certificates were blacklisted\n\n - Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093)\n\nBugfixes done :\n\n - enable linked support for OpenSSL\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0256-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:qt4-qtscript", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:qt4-qtscript-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource"], "id": "OPENSUSE-2013-89.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75211", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-89.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75211);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2012-6093\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2013:0256-1)\");\n script_summary(english:\"Check for the openSUSE-2013-89 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libqt4 was updated to fix various issues regarding to SSL and\ncertificates.\n\n - various more compromised SSL root and intermediate\n certificates were blacklisted\n\n - Fix wrong error reporting when using a binary\n incompatible version of openSSL (bnc#797006,\n CVE-2012-6093)\n\nBugfixes done :\n\n - enable linked support for OpenSSL\n\n - Add fix for qdbusviewer not matching args (bnc#784197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=784197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-qtscript-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debugsource-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-data-4.8.1-2.12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debuginfo-4.8.1-2.12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debugsource-4.8.1-2.12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-private-headers-devel-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-plugins-debugsource-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-debuginfo-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-qtscript-0.2.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-qtscript-debuginfo-0.2.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-4.8.1-2.12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-debuginfo-4.8.1-2.12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.1-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.1-2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:08:01", "references": ["http://www.nessus.org/u?60074156", "https://bugzilla.redhat.com/show_bug.cgi?id=891955", "http://www.nessus.org/u?712b48d2", "http://www.nessus.org/u?da8c2281"], "pluginID": "64084", "description": "This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-25T00:00:00", "title": "Fedora 16 : qt-4.8.4-6.fc16 (2013-0270)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2013-0270.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0270.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64084);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:56 $\");\n\n script_cve_id(\"CVE-2012-6093\");\n script_bugtraq_id(57162);\n script_xref(name:\"FEDORA\", value:\"2013-0270\");\n\n script_name(english:\"Fedora 16 : qt-4.8.4-6.fc16 (2013-0270)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build fixes a security issues :\n\n - QSslSocket may report incorrect errors when certificate\n verification fails. For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000020.html\n\n - blacklists unauthorized SSL certificates by Turktrust.\n For more information:\n http://lists.qt-project.org/pipermail/announce/2013-Janu\n ary/000021.html\n\nThis build also produces a new qt-designer-plugin-webkit subpackage\ncontaining QtWebKit designer plugin.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?712b48d2\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-January/000021.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60074156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891955\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097445.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da8c2281\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"qt-4.8.4-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:20", "references": ["http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html", "https://bugzilla.novell.com/show_bug.cgi?id=797006"], "pluginID": "75062", "description": "- Add cert-blacklist-more.diff, cert-blacklist-tuerktrust.diff :\n\n - blacklist more evil certificates\n\n - Add weak-ssl-certificates.diff :\n\n - blacklist weak certificates\n\n - enable linked support for OpenSSL\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093)", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0204-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit"], "id": "OPENSUSE-2013-53.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75062", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-53.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75062);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:24:48 $\");\n\n script_cve_id(\"CVE-2012-6093\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2013:0204-1)\");\n script_summary(english:\"Check for the openSUSE-2013-53 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add cert-blacklist-more.diff,\n cert-blacklist-tuerktrust.diff :\n\n - blacklist more evil certificates\n\n - Add weak-ssl-certificates.diff :\n\n - blacklist weak certificates\n\n - enable linked support for OpenSSL\n\n - openssl-incompatibility-fix.diff: Fix wrong error\n reporting when using a binary incompatible version of\n openSSL (bnc#797006, CVE-2012-6093)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-debugsource-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-devel-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-private-headers-devel-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-qt3support-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libqt4-x11-debuginfo-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.7.4-19.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.7.4-19.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-32bit / libqt4 / libqt4-debuginfo-32bit / libqt4-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:11:33", "references": ["http://www.nessus.org/u?7c53812c", "http://www.nessus.org/u?6e98a168", "http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/", "https://bugzilla.redhat.com/show_bug.cgi?id=883415"], "pluginID": "63214", "description": "New bugfix release, see also:\nhttp://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\n\nThis release also includes a security fix for: QML XmlHttpRequest Insecure Redirection http://lists.qt-project.org/pipermail/announce/2012-November/000014.ht ml\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-12-11T00:00:00", "title": "Fedora 18 : qt-4.8.4-1.fc18 (2012-19673)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5624"], "modified": "2016-05-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:qt"], "id": "FEDORA_2012-19673.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-19673.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63214);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-5624\");\n script_bugtraq_id(56807);\n script_xref(name:\"FEDORA\", value:\"2012-19673\");\n\n script_name(english:\"Fedora 18 : qt-4.8.4-1.fc18 (2012-19673)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bugfix release, see also:\nhttp://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\n\nThis release also includes a security fix for: QML XmlHttpRequest\nInsecure Redirection\nhttp://lists.qt-project.org/pipermail/announce/2012-November/000014.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\"\n );\n # http://lists.qt-project.org/pipermail/announce/2012-November/000014.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c53812c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883415\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094325.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e98a168\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"qt-4.8.4-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:06:08", "references": ["http://www.nessus.org/u?7c53812c", "http://www.nessus.org/u?5a3f2faa", "http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/", "https://bugzilla.redhat.com/show_bug.cgi?id=883415"], "pluginID": "63254", "description": "New bugfix release, see also:\nhttp://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\n\nThis release also includes a security fix for: QML XmlHttpRequest Insecure Redirection http://lists.qt-project.org/pipermail/announce/2012-November/000014.ht ml\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-12-13T00:00:00", "title": "Fedora 17 : qt-4.8.4-1.fc17 (2012-19759)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5624"], "modified": "2016-05-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-19759.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-19759.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63254);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/05/09 15:27:59 $\");\n\n script_cve_id(\"CVE-2012-5624\");\n script_bugtraq_id(56807);\n script_xref(name:\"FEDORA\", value:\"2012-19759\");\n\n script_name(english:\"Fedora 17 : qt-4.8.4-1.fc17 (2012-19759)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bugfix release, see also:\nhttp://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\n\nThis release also includes a security fix for: QML XmlHttpRequest\nInsecure Redirection\nhttp://lists.qt-project.org/pipermail/announce/2012-November/000014.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://blog.qt.digia.com/blog/2012/11/29/qt-4-8-4-released/\"\n );\n # http://lists.qt-project.org/pipermail/announce/2012-November/000014.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c53812c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883415\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094633.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a3f2faa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"qt-4.8.4-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-09-01T23:56:18", "references": ["http://www.ubuntu.com/usn/usn-1723-1/", "1723-1"], "pluginID": "1361412562310841319", "description": "Check for the Version of qt4-x11", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-15T00:00:00", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1723_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1723-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841319\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"qt4-x11 on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n\n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:51:30", "references": ["2013-0199", "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097266.html"], "pluginID": "865223", "description": "Check for the Version of qt", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qt FEDORA-2013-0199", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865223", "id": "OPENVAS:865223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-0199\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097266.html\");\n script_id(865223);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:27 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2012-6093\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0199\");\n script_name(\"Fedora Update for qt FEDORA-2013-0199\");\n\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:58", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html", "2013-0277"], "pluginID": "1361412562310864991", "description": "Check for the Version of qt", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-15T00:00:00", "title": "Fedora Update for qt FEDORA-2013-0277", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310864991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864991", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-0277\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864991\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:05:52 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6093\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0277\");\n script_name(\"Fedora Update for qt FEDORA-2013-0277\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:51:49", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html", "2013-0277"], "pluginID": "864991", "description": "Check for the Version of qt", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qt FEDORA-2013-0277", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864991", "id": "OPENVAS:864991", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-0277\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html\");\n script_id(864991);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:05:52 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6093\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0277\");\n script_name(\"Fedora Update for qt FEDORA-2013-0277\");\n\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:56", "references": ["2013-0199", "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097266.html"], "pluginID": "1361412562310865223", "description": "Check for the Version of qt", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-24T00:00:00", "title": "Fedora Update for qt FEDORA-2013-0199", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6093"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310865223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-0199\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097266.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865223\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 09:24:27 +0530 (Thu, 24 Jan 2013)\");\n script_cve_id(\"CVE-2012-6093\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0199\");\n script_name(\"Fedora Update for qt FEDORA-2013-0199\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:32", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094633.html", "2012-19759"], "pluginID": "864938", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-14T00:00:00", "title": "Fedora Update for qt FEDORA-2012-19759", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5624"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864938", "id": "OPENVAS:864938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-19759\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094633.html\");\n script_id(864938);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-14 09:50:45 +0530 (Fri, 14 Dec 2012)\");\n script_cve_id(\"CVE-2012-5624\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-19759\");\n script_name(\"Fedora Update for qt FEDORA-2012-19759\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:22", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094633.html", "2012-19759"], "pluginID": "1361412562310864938", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-14T00:00:00", "title": "Fedora Update for qt FEDORA-2012-19759", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5624"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310864938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2012-19759\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\ntag_affected = \"qt on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094633.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864938\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-14 09:50:45 +0530 (Fri, 14 Dec 2012)\");\n script_cve_id(\"CVE-2012-5624\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-19759\");\n script_name(\"Fedora Update for qt FEDORA-2012-19759\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:42", "references": ["2013:0669-01", "https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html"], "pluginID": "1361412562310870969", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "title": "RedHat Update for qt RHSA-2013:0669-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qt RHSA-2013:0669-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"qt on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00062.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870969\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:06 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0669-01\");\n script_name(\"RedHat Update for qt RHSA-2013:0669-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-debuginfo\", rpm:\"qt-debuginfo~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:45", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "2013:0669"], "pluginID": "1361412562310881696", "description": "Check for the Version of phonon-backend-gstreamer", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-22T00:00:00", "title": "CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit that simplifies the task of writing and\n maintaining GUI (Graphical User Interface) applications for the X Window\n System.\n\n It was discovered that the QSharedMemory class implementation of the Qt\n toolkit created shared memory segments with insecure permissions. A local\n attacker could use this flaw to read or alter the contents of a particular\n shared memory segment, possibly leading to their ability to obtain\n sensitive information or influence the behavior of a process that is using\n the shared memory segment. (CVE-2013-0254)\n\n Red Hat would like to thank the Qt project for reporting this issue.\n Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\n Security Ltd. as the original reporters.\n\n Users of Qt should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications linked\n against Qt libraries must be restarted for this update to take effect.\";\n\n\ntag_affected = \"phonon-backend-gstreamer on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881696\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-22 10:40:44 +0530 (Fri, 22 Mar 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0669\");\n script_name(\"CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 \");\n\n script_tag(name:\"summary\", value:\"Check for the Version of phonon-backend-gstreamer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"phonon-backend-gstreamer\", rpm:\"phonon-backend-gstreamer~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-demos\", rpm:\"qt-demos~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-doc\", rpm:\"qt-doc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-examples\", rpm:\"qt-examples~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-sqlite\", rpm:\"qt-sqlite~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.6.2~26.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-02-05T11:10:21", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html", "2013-2041"], "pluginID": "865355", "description": "Check for the Version of qt", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qt FEDORA-2013-2041", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865355", "id": "OPENVAS:865355", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-2041\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Qt is a software toolkit for developing applications.\n\n This package contains base tools, like string, xml, and network\n handling.\";\n\n\ntag_affected = \"qt on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098698.html\");\n script_id(865355);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:14:35 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-2041\");\n script_name(\"Fedora Update for qt FEDORA-2013-2041\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.4~11.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:35", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0254", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-6093", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "4:4.8.1-0ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-network", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "4:4.8.3+dfsg-0ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-network", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4:4.6.2-0ubuntu5.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-network", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "4:4.6.2-0ubuntu5.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "4:4.8.3+dfsg-0ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "4:4.7.4-0ubuntu8.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "4:4.8.1-0ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-core", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "4:4.7.4-0ubuntu8.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libqt4-network", "operator": "lt"}], "description": "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624)\n\nStephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093)\n\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254)", "edition": 3, "reporter": "Ubuntu", "published": "2013-02-14T00:00:00", "title": "Qt vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "modified": "2013-02-14T00:00:00", "id": "USN-1723-1", "href": "https://usn.ubuntu.com/1723-1/", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:53", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0669.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-examples", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "packageName": "phonon-backend-gstreamer", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-examples", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-odbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-x11", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-demos", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-sqlite", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0669\n\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\n\n**Affected packages:**\nphonon-backend-gstreamer\nqt\nqt-demos\nqt-devel\nqt-doc\nqt-examples\nqt-mysql\nqt-odbc\nqt-postgresql\nqt-sqlite\nqt-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0669.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-21T22:39:15", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "title": "phonon, qt security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "modified": "2013-03-21T22:39:15", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "id": "CESA-2013:0669", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "src", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "noarch", "packageName": "qt-doc", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "ppc64", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-debuginfo", "packageFilename": "qt-debuginfo-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-demos", "packageFilename": "qt-demos-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-examples", "packageFilename": "qt-examples-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-mysql", "packageFilename": "qt-mysql-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "phonon-backend-gstreamer", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt", "packageFilename": "qt-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-x11", "packageFilename": "qt-x11-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390", "packageName": "qt-sqlite", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-devel", "packageFilename": "qt-devel-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-odbc", "packageFilename": "qt-odbc-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "s390x", "packageName": "qt-postgresql", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.s390x.rpm", "operator": "lt"}], "description": "Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-21T04:00:00", "type": "redhat", "title": "(RHSA-2013:0669) Moderate: qt security update", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:09", "id": "RHSA-2013:0669", "href": "https://access.redhat.com/errata/RHSA-2013:0669", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:45:53", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-devel-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-x11-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-x11", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "noarch", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "noarch", "packageFilename": "qt-doc-4.6.2-26.el6_4.noarch.rpm", "packageName": "qt-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-x11-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-x11", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-examples-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-examples", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-demos-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-4.6.2-26.el6_4.i686.rpm", "packageName": "qt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-demos-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-mysql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-odbc-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-mysql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-devel-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-examples-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-examples", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-odbc-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-odbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-sqlite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "src", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "src", "packageFilename": "qt-4.6.2-26.el6_4.src.rpm", "packageName": "qt", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.x86_64.rpm", "packageName": "phonon-backend-gstreamer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "x86_64", "packageFilename": "qt-postgresql-4.6.2-26.el6_4.x86_64.rpm", "packageName": "qt-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "phonon-backend-gstreamer-4.6.2-26.el6_4.i686.rpm", "packageName": "phonon-backend-gstreamer", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.6.2-26.el6_4", "arch": "i686", "packageFilename": "qt-sqlite-4.6.2-26.el6_4.i686.rpm", "packageName": "qt-sqlite", "operator": "lt"}], "description": "[1:4.6.2-26]\n- Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions", "edition": 3, "reporter": "Oracle", "published": "2013-03-21T00:00:00", "title": "qt security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254"], "modified": "2013-03-21T00:00:00", "id": "ELSA-2013-0669", "href": "http://linux.oracle.com/errata/ELSA-2013-0669.html", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "references": ["http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3193", "https://bugs.gentoo.org/show_bug.cgi?id=382171", "https://bugs.gentoo.org/show_bug.cgi?id=384103", "https://bugs.gentoo.org/show_bug.cgi?id=361401", "https://bugs.gentoo.org/show_bug.cgi?id=455884", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0254", "http://blog.qt.digia.com/2011/09/02/what-the-diginotar-security-breach-means-for-qt-users/"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.8.4-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-qt/qtgui", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.8.4-r2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-qt/qtcore", "operator": "lt"}], "edition": 1, "description": "### Background\n\nThe Qt toolkit is a comprehensive C++ application development framework.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtCore users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtcore-4.8.4-r2\"\n \n\nAll QtGui users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtgui-4.8.4-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "reporter": "Gentoo Foundation", "published": "2013-11-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "QtCore, QtGui: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "modified": "2013-11-22T00:00:00", "id": "GLSA-201311-14", "href": "https://security.gentoo.org/glsa/201311-14", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:00", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-network_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-network", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-xmlpatterns_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-xmlpatterns", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-dev_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-phonon_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-phonon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-designer_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-designer", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-opengl_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-opengl", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-help_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-help", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-svg_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-svg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-xml_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-xml", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-qtconfig_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-qtconfig", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-mysql_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-mysql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-script_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-script", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-demos_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-demos", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-psql_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-psql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-webkit-dbg_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-webkit-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-test_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-test", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-gui_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-gui", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-webkit_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-webkit", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-xmlpatterns-dbg_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-xmlpatterns-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-tds_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-tds", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqtgui4_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqtgui4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-dev-tools_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-dev-tools", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-designer_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-designer", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-demos-dbg_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-demos-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-core_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-core", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-ibase_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-ibase", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-x11_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-x11", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-scripttools_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-scripttools", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-assistant_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-assistant", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-multimedia_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-multimedia", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-odbc_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-odbc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqtcore4_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqtcore4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-dbg_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-qmake_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-qmake", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-sqlite_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-sqlite", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-doc-html_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-doc-html", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-qt3support_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-qt3support", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "qt4-doc_4:4.6.3-4+squeeze3_all.deb", "packageName": "qt4-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-dbus_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-dbus", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-opengl-dev_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-opengl-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4:4.6.3-4+squeeze3", "arch": "all", "packageFilename": "libqt4-sql-sqlite2_4:4.6.3-4+squeeze3_all.deb", "packageName": "libqt4-sql-sqlite2", "operator": "lt"}], "description": "Package : qt4-x11\nVersion : 4:4.6.3-4+squeeze3\nCVE ID : CVE-2013-0254 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 \n CVE-2015-1860\nDebian Bug : 779550 783133\n\nThis update fixes multiple security issues in the Qt library.\n\nCVE-2013-0254\n\n The QSharedMemory class uses weak permissions (world-readable and\n world-writable) for shared memory segments, which allows local users\n to read sensitive information or modify critical program data, as\n demonstrated by reading a pixmap being sent to an X server.\n\nCVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860\n\n Denial of service (via segmentation faults) through crafted\n images (BMP, GIF, ICO).\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 1, "reporter": "Debian", "published": "2015-04-30T11:59:40", "title": "[SECURITY] [DLA 210-1] qt4-x11 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:00", "vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-04-30T11:59:40", "id": "DEBIAN:DLA-210-1:A47BC", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00026.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}