ID SSA-2015-111-13 Type slackware Reporter Slackware Linux Project Modified 2015-04-22T01:24:32
Description
New qt packages are available for Slackware 14.1, and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
patches/packages/qt-4.8.6-i486-1_slack14.1.txz: Upgraded.
Fixed issues with BMP, ICO, and GIF handling that could lead to a denial
of service or the execution of arbitrary code when processing malformed
images.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
( Security fix )
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/qt-4.8.6-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/qt-4.8.6-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/qt-4.8.6-i486-2.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/qt-4.8.6-x86_64-2.txz
Upgrade the package as root:
> upgradepkg qt-4.8.6-i486-1_slack14.1.txz
{"id": "SSA-2015-111-13", "type": "slackware", "bulletinFamily": "unix", "title": "[slackware-security] qt", "description": "New qt packages are available for Slackware 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/qt-4.8.6-i486-1_slack14.1.txz: Upgraded.\n Fixed issues with BMP, ICO, and GIF handling that could lead to a denial\n of service or the execution of arbitrary code when processing malformed\n images.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/qt-4.8.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/qt-4.8.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/qt-4.8.6-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/qt-4.8.6-x86_64-2.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nfad30e220cfcfae0bc98d50acb8009d0 qt-4.8.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ndb1a7d75f353287bac779e53219fb705 qt-4.8.6-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nc42f919505996562f0ab02a5d13975d0 l/qt-4.8.6-i486-2.txz\n\nSlackware x86_64 -current package:\n195d68b1606883541b174130fc67acd3 l/qt-4.8.6-x86_64-2.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg qt-4.8.6-i486-1_slack14.1.txz", "published": "2015-04-22T01:24:32", "modified": "2015-04-22T01:24:32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.357024", "reporter": "Slackware Linux Project", "references": [], "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "lastseen": "2020-10-25T16:36:19", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310869625", "OPENVAS:1361412562310869331", "OPENVAS:1361412562310869583", "OPENVAS:1361412562310869344", "OPENVAS:1361412562310842217", "OPENVAS:1361412562310121452", "OPENVAS:1361412562310869333", "OPENVAS:1361412562310869297", "OPENVAS:1361412562310869332", "OPENVAS:1361412562310869296"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32006", "SECURITYVULNS:VULN:14449"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201603-10.NASL", "FEDORA_2015-6364.NASL", "FEDORA_2015-6932.NASL", "SLACKWARE_SSA_2015-111-13.NASL", "SUSE_SU-2015-1359-1.NASL", "SUSE_SU-2015-0977-1.NASL", "FEDORA_2015-6925.NASL", "UBUNTU_USN-2626-1.NASL", "DEBIAN_DLA-210.NASL", "SUSE_SU-2015-1383-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:CF0456111524", "FEDORA:22B866087A7A", "FEDORA:D8FCE6087E0D", "FEDORA:4A539601477B", "FEDORA:3EC2760167DD", "FEDORA:81DEE60762A5", "FEDORA:C620F6075DBF", "FEDORA:BD5926087AF8", "FEDORA:881136044E39", "FEDORA:C1EFE6087C6E"]}, {"type": "cve", "idList": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1860", "CVE-2015-1859"]}, {"type": "ubuntu", "idList": ["USN-2626-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-210-1:A47BC"]}, {"type": "gentoo", "idList": ["GLSA-201603-10"]}, {"type": "freebsd", "idList": ["5713BFDA-E27D-11E4-B2CE-5453ED2E2B49", "C9C3374D-C2C1-11E4-B236-5453ED2E2B49"]}, {"type": "myhack58", "idList": ["MYHACK58:62201782823"]}], "modified": "2020-10-25T16:36:19", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2020-10-25T16:36:19", "rev": 2}, "vulnersScore": 7.3}, "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.1", "arch": "i486", "packageName": "qt", "packageVersion": "4.8.6", "packageFilename": "qt-4.8.6-i486-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "arch": "x86_64", "packageName": "qt", "packageVersion": "4.8.6", "packageFilename": "qt-4.8.6-x86_64-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "i486", "packageName": "qt", "packageVersion": "4.8.6", "packageFilename": "qt-4.8.6-i486-2.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "x86_64", "packageName": "qt", "packageVersion": "4.8.6", "packageFilename": "qt-4.8.6-x86_64-2.txz", "operator": "lt"}], "immutableFields": []}
{"fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2015-04-30T11:45:48", "published": "2015-04-30T11:45:48", "id": "FEDORA:C620F6075DBF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qt-4.8.6-28.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2015-04-26T12:45:53", "published": "2015-04-26T12:45:53", "id": "FEDORA:81DEE60762A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qt5-qtbase-5.4.1-9.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2015-05-01T16:37:14", "published": "2015-05-01T16:37:14", "id": "FEDORA:BD5926087AF8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: qt3-3.3.8b-63.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. ", "modified": "2015-05-01T16:52:39", "published": "2015-05-01T16:52:39", "id": "FEDORA:881136044E39", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-qt5-qtbase-5.4.1-2.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. ", "modified": "2015-05-04T15:30:04", "published": "2015-05-04T15:30:04", "id": "FEDORA:D8FCE6087E0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-qt5-qtbase-5.4.1-2.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2015-05-01T16:49:15", "published": "2015-05-01T16:49:15", "id": "FEDORA:3EC2760167DD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt3-3.3.8b-63.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4549", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2015-04-26T12:43:35", "published": "2015-04-26T12:43:35", "id": "FEDORA:4A539601477B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt5-qtbase-5.4.1-9.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "modified": "2015-04-24T22:48:40", "published": "2015-04-24T22:48:40", "id": "FEDORA:22B866087A7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: qt3-3.3.8b-63.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2015-04-23T16:10:14", "published": "2015-04-23T16:10:14", "id": "FEDORA:C1EFE6087C6E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: qt-4.8.6-28.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "modified": "2015-04-21T19:11:45", "published": "2015-04-21T19:11:45", "id": "FEDORA:CF0456111524", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: qt5-qtbase-5.4.1-9.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n[slackware-security] qt (SSA:2015-111-13)\r\n\r\nNew qt packages are available for Slackware 14.1, and -current to\r\nfix security issues.\r\n\r\n\r\nHere are the details from the Slackware 14.1 ChangeLog:\r\n+--------------------------+\r\npatches/packages/qt-4.8.6-i486-1_slack14.1.txz: Upgraded.\r\n Fixed issues with BMP, ICO, and GIF handling that could lead to a denial\r\n of service or the execution of arbitrary code when processing malformed\r\n images.\r\n For more information, see:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0295\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860\r\n (* Security fix *)\r\n+--------------------------+\r\n\r\n\r\nWhere to find the new packages:\r\n+-----------------------------+\r\n\r\nThanks to the friendly folks at the OSU Open Source Lab\r\n(http://osuosl.org) for donating FTP and rsync hosting\r\nto the Slackware project! \r\n\r\nAlso see the "Get Slack" section on http://slackware.com for\r\nadditional mirror sites near you.\r\n\r\nUpdated package for Slackware 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/qt-4.8.6-i486-1_slack14.1.txz\r\n\r\nUpdated package for Slackware x86_64 14.1:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/qt-4.8.6-x86_64-1_slack14.1.txz\r\n\r\nUpdated package for Slackware -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/qt-4.8.6-i486-2.txz\r\n\r\nUpdated package for Slackware x86_64 -current:\r\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/qt-4.8.6-x86_64-2.txz\r\n\r\n\r\nMD5 signatures:\r\n+-------------+\r\n\r\nSlackware 14.1 package:\r\nfad30e220cfcfae0bc98d50acb8009d0 qt-4.8.6-i486-1_slack14.1.txz\r\n\r\nSlackware x86_64 14.1 package:\r\ndb1a7d75f353287bac779e53219fb705 qt-4.8.6-x86_64-1_slack14.1.txz\r\n\r\nSlackware -current package:\r\nc42f919505996562f0ab02a5d13975d0 l/qt-4.8.6-i486-2.txz\r\n\r\nSlackware x86_64 -current package:\r\n195d68b1606883541b174130fc67acd3 l/qt-4.8.6-x86_64-2.txz\r\n\r\n\r\nInstallation instructions:\r\n+------------------------+\r\n\r\nUpgrade the package as root:\r\n# upgradepkg qt-4.8.6-i486-1_slack14.1.txz\r\n\r\n\r\n+-----+\r\n\r\nSlackware Linux Security Team\r\nhttp://slackware.com/gpg-key\r\nsecurity@slackware.com\r\n\r\n+------------------------------------------------------------------------+\r\n| To leave the slackware-security mailing list: |\r\n+------------------------------------------------------------------------+\r\n| Send an email to majordomo@slackware.com with this text in the body of |\r\n| the email message: |\r\n| |\r\n| unsubscribe slackware-security |\r\n| |\r\n| You will get a confirmation message back containing instructions to |\r\n| complete the process. Please do not reply to this email address. |\r\n+------------------------------------------------------------------------+\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlU2zZYACgkQakRjwEAQIjOp+ACcDxtpYJ7AClA0wyGEi5ZHFupl\r\nmukAoIgXufm+tx5a2rg4pqb/IsAr747K\r\n=67nG\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:DOC:32006", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32006", "title": "[slackware-security] qt (SSA:2015-111-13)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "Memory corruptions on different graphics formats parsing.", "edition": 1, "modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:VULN:14449", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14449", "title": "qt multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869625", "type": "openvas", "title": "Fedora Update for mingw-qt5-qtbase FEDORA-2015-6932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-qt5-qtbase FEDORA-2015-6932\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869625\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:29:52 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-qt5-qtbase FEDORA-2015-6932\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-qt5-qtbase on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6932\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156952.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-qt5-qtbase\", rpm:\"mingw-qt5-qtbase~5.4.1~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-01T00:00:00", "id": "OPENVAS:1361412562310869331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869331", "type": "openvas", "title": "Fedora Update for qt FEDORA-2015-6252", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2015-6252\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869331\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-01 05:49:36 +0200 (Fri, 01 May 2015)\");\n script_cve_id(\"CVE-2015-1859\", \"CVE-2015-1858\", \"CVE-2015-1860\", \"CVE-2015-0295\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt FEDORA-2015-6252\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6252\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.6~28.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-02T00:00:00", "id": "OPENVAS:1361412562310869332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869332", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2015-6661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2015-6661\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869332\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-02 05:42:45 +0200 (Sat, 02 May 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-0295\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt3 FEDORA-2015-6661\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6661\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~63.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-27T00:00:00", "id": "OPENVAS:1361412562310869297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869297", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2015-6364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2015-6364\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869297\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-27 05:38:31 +0200 (Mon, 27 Apr 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1859\", \"CVE-2015-1858\", \"CVE-2015-0295\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2015-6364\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6364\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.4.1~9.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-05T00:00:00", "id": "OPENVAS:1361412562310869344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869344", "type": "openvas", "title": "Fedora Update for mingw-qt5-qtbase FEDORA-2015-6925", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-qt5-qtbase FEDORA-2015-6925\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869344\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-05 06:12:57 +0200 (Tue, 05 May 2015)\");\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-qt5-qtbase FEDORA-2015-6925\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-qt5-qtbase on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6925\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157203.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-qt5-qtbase\", rpm:\"mingw-qt5-qtbase~5.4.1~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-02T00:00:00", "id": "OPENVAS:1361412562310869333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869333", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2015-6573", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2015-6573\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869333\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-02 05:42:50 +0200 (Sat, 02 May 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-0295\",\n \"CVE-2014-0190\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt3 FEDORA-2015-6573\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6573\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156937.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~63.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2013-4549", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-27T00:00:00", "id": "OPENVAS:1361412562310869296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869296", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2015-6315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2015-6315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869296\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-27 05:38:25 +0200 (Mon, 27 Apr 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1859\", \"CVE-2015-1858\", \"CVE-2015-0295\",\n \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2015-6315\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6315\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.4.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310842217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842217", "type": "openvas", "title": "Ubuntu Update for qt4-x11 USN-2626-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-2626-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842217\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 11:07:43 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2014-0190\", \"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\",\n \"CVE-2015-1860\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qt4-x11 USN-2626-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt4-x11'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wolfgang Schenk discovered that Qt\nincorrectly handled certain malformed GIF images. If a user or automated\nsystem were tricked into opening a specially crafted GIF image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of service. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)\n\nFabian Vogt discovered that Qt incorrectly handled certain malformed BMP\nimages. If a user or automated system were tricked into opening a specially\ncrafted BMP image, a remote attacker could use this issue to cause Qt to\ncrash, resulting in a denial of service. (CVE-2015-0295)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed BMP images. If a user or automated system were tricked\ninto opening a specially crafted BMP image, a remote attacker could use\nthis issue to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-1858)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed ICO images. If a user or automated system were tricked\ninto opening a specially crafted ICO image, a remote attacker could use\nthis issue to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-1859)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed GIF images. If a user or automated system were tricked\ninto opening a specially crafted GIF image, a remote attacker could use\nthis issue to cause Qt to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-1860)\");\n script_tag(name:\"affected\", value:\"qt4-x11 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2626-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2626-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt5gui5:amd64\", ver:\"5.3.0+dfsg-2ubuntu9.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"libqt5gui5:i386\", ver:\"5.3.0+dfsg-2ubuntu9.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libqtgui4:amd64\", ver:\"4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"libqtgui4:i386\", ver:\"4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt5gui5:amd64\", ver:\"5.2.1+dfsg-1ubuntu14.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"libqt5gui5:i386\", ver:\"5.2.1+dfsg-1ubuntu14.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqtgui4:amd64\", ver:\"4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqtgui4:i386\", ver:\"4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqtgui4\", ver:\"4:4.8.1-0ubuntu4.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "Gentoo Linux Local Security Checks", "modified": "2018-10-12T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310121452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121452", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201603-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-10.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121452\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:46 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-10\");\n script_tag(name:\"insight\", value:\"Multiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After successfully overflowing the buffer the remote attacker can then cause a Denial of Service or execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-10\");\n script_cve_id(\"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-qt/qtgui\", unaffected: make_list(\"ge 5.4.1-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-qt/qtgui\", unaffected: make_list(\"ge 4.8.6-r4\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-qt/qtgui\", unaffected: make_list(\"ge 4.8.7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-qt/qtgui\", unaffected: make_list(), vulnerable: make_list(\"lt 5.4.1-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869551", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2015-6613", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2015-6613\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869551\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:24:47 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1858\", \"CVE-2015-1859\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt3 FEDORA-2015-6613\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6613\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155947.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~63.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:13:44", "description": "Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2015-05-04T00:00:00", "title": "Fedora 22 : mingw-qt5-qtbase-5.4.1-2.fc22 (2015-6932)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-05-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:22", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase"], "id": "FEDORA_2015-6932.NASL", "href": "https://www.tenable.com/plugins/nessus/83215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6932.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83215);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2015-6932\");\n\n script_name(english:\"Fedora 22 : mingw-qt5-qtbase-5.4.1-2.fc22 (2015-6932)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8ae85cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-qt5-qtbase package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-qt5-qtbase-5.4.1-2.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-qt5-qtbase\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:22:37", "description": "The libqt4 library was updated to fix several security issues :\n\nCVE-2015-0295: Division by zero when processing malformed BMP files.\n(bsc#921999)\n\nCVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling.\n(bsc#927806)\n\nCVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling.\n(bsc#927807)\n\nCVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling.\n(bsc#927808)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-06-02T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : libqt4 (SUSE-SU-2015:0977-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-06-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libqt4-x11", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:libqt4-sql", "p-cpe:/a:novell:suse_linux:libQtWebKit4", "p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:libqt4", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql"], "id": "SUSE_SU-2015-0977-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0977-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83946);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(73029, 74302, 74307, 74309, 74310);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : libqt4 (SUSE-SU-2015:0977-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libqt4 library was updated to fix several security issues :\n\nCVE-2015-0295: Division by zero when processing malformed BMP files.\n(bsc#921999)\n\nCVE-2015-1858: Segmentation fault in BMP Qt Image Format Handling.\n(bsc#927806)\n\nCVE-2015-1859: Segmentation fault in ICO Qt Image Format Handling.\n(bsc#927807)\n\nCVE-2015-1860: Segmentation fault in GIF Qt Image Format Handling.\n(bsc#927808)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927808\"\n );\n # https://download.suse.com/patch/finder/?keywords=9689c635e31524ec167e859d445097b5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12926c30\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1859/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1860/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150977-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ded2579\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-libqt4-201505=10690\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-libqt4-201505=10690\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-libqt4-201505=10690\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-libqt4-201505=10690\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libQtWebKit4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libqt4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libqt4-qt3support-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libqt4-sql-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libqt4-x11-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libQtWebKit4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-qt3support-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-sql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-sql-mysql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-sql-sqlite-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libqt4-x11-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"qt4-x11-tools-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-sql-postgresql-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-sql-unixODBC-4.6.3-5.34.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.34.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:44", "description": "Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2015-05-05T00:00:00", "title": "Fedora 21 : mingw-qt5-qtbase-5.4.1-2.fc21 (2015-6925)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-05-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase"], "id": "FEDORA_2015-6925.NASL", "href": "https://www.tenable.com/plugins/nessus/83241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6925.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83241);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2015-6925\");\n\n script_name(english:\"Fedora 21 : mingw-qt5-qtbase-5.4.1-2.fc21 (2015-6925)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2015-0295, CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8f04ba8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-qt5-qtbase package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-qt5-qtbase-5.4.1-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-qt5-qtbase\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:47", "description": "New qt packages are available for Slackware 14.1, and -current to fix\nsecurity issues.", "edition": 23, "published": "2015-04-22T00:00:00", "title": "Slackware 14.1 / current : qt (SSA:2015-111-13)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-04-22T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "p-cpe:/a:slackware:slackware_linux:qt", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2015-111-13.NASL", "href": "https://www.tenable.com/plugins/nessus/82926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-13. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(73029);\n script_xref(name:\"SSA\", value:\"2015-111-13\");\n\n script_name(english:\"Slackware 14.1 / current : qt (SSA:2015-111-13)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New qt packages are available for Slackware 14.1, and -current to fix\nsecurity issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.357024\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0dc126a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"qt\", pkgver:\"4.8.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"qt\", pkgver:\"4.8.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"qt\", pkgver:\"4.8.6\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"qt\", pkgver:\"4.8.6\", pkgarch:\"x86_64\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:22:56", "description": "The libqt4 library was updated to fix several security and non\nsecurity issues.\n\nThe following vulnerabilities were fixed :\n\n - bsc#921999: CVE-2015-0295: division by zero when\n processing malformed BMP files\n\n - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt\n Image Format Handling\n\n - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt\n Image Format Handling\n\n - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt\n Image Format Handling\n\nThe following non-secuirty issues were fixed :\n\n - bsc#929688: Critical Problem in Qt Network Stack\n\n - bsc#847880: kde/qt rendering error in qemu cirrus i586\n\n - Update use-freetype-default.diff to use same method as\n with libqt5-qtbase package: Qt itself already does\n runtime check whether subpixel rendering is available,\n but only when FT_CONFIG_OPTION_SUBPIXEL_RENDERING is\n defined. Thus it is enough to only remove that condition\n\n - The -devel subpackage requires Mesa-devel, not only at\n build time\n\n - Fixed compilation on SLE_11_SP3 by making it build\n against Mesa-devel on that system\n\n - Replace patch l-qclipboard_fix_recursive.patch with\n qtcore-4.8.5-qeventdispatcher-recursive.patch. The later\n one seems to work better and really resolves the issue\n in LibreOffice\n\n - Added kde4_qt_plugin_path.patch, so kde4 plugins are\n magically found/known outside kde4 enviroment/session\n\n - added _constraints. building took up to 7GB of disk\n space on s390x, and more than 6GB on x86_64\n\n - Add 3 patches for Qt bugs to make LibreOffice KDE4 file\n picker work properly again :\n\n - Add glib-honor-ExcludeSocketNotifiers-flag.diff\n (QTBUG-37380)\n\n - Add l-qclipboard_fix_recursive.patch (QTBUG-34614)\n\n - Add l-qclipboard_delay.patch (QTBUG-38585)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-08-13T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2015:1359-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-08-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libqt4-x11", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:qt4-x11-tools-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-x11-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:libqt4-debugsource", "p-cpe:/a:novell:suse_linux:qt4-x11-tools", "p-cpe:/a:novell:suse_linux:libqt4-sql", "p-cpe:/a:novell:suse_linux:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:suse_linux:libqt4", "p-cpe:/a:novell:suse_linux:libqt4-sql-debuginfo", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:libqt4-debuginfo"], "id": "SUSE_SU-2015-1359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1359-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85374);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(73029, 74302, 74307, 74309, 74310);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2015:1359-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libqt4 library was updated to fix several security and non\nsecurity issues.\n\nThe following vulnerabilities were fixed :\n\n - bsc#921999: CVE-2015-0295: division by zero when\n processing malformed BMP files\n\n - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt\n Image Format Handling\n\n - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt\n Image Format Handling\n\n - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt\n Image Format Handling\n\nThe following non-secuirty issues were fixed :\n\n - bsc#929688: Critical Problem in Qt Network Stack\n\n - bsc#847880: kde/qt rendering error in qemu cirrus i586\n\n - Update use-freetype-default.diff to use same method as\n with libqt5-qtbase package: Qt itself already does\n runtime check whether subpixel rendering is available,\n but only when FT_CONFIG_OPTION_SUBPIXEL_RENDERING is\n defined. Thus it is enough to only remove that condition\n\n - The -devel subpackage requires Mesa-devel, not only at\n build time\n\n - Fixed compilation on SLE_11_SP3 by making it build\n against Mesa-devel on that system\n\n - Replace patch l-qclipboard_fix_recursive.patch with\n qtcore-4.8.5-qeventdispatcher-recursive.patch. The later\n one seems to work better and really resolves the issue\n in LibreOffice\n\n - Added kde4_qt_plugin_path.patch, so kde4 plugins are\n magically found/known outside kde4 enviroment/session\n\n - added _constraints. building took up to 7GB of disk\n space on s390x, and more than 6GB on x86_64\n\n - Add 3 patches for Qt bugs to make LibreOffice KDE4 file\n picker work properly again :\n\n - Add glib-honor-ExcludeSocketNotifiers-flag.diff\n (QTBUG-37380)\n\n - Add l-qclipboard_fix_recursive.patch (QTBUG-34614)\n\n - Add l-qclipboard_delay.patch (QTBUG-38585)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=847880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1859/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1860/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151359-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?376c25ed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-380=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-380=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-380=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-380=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-debugsource-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-devel-doc-debuginfo-4.8.6-4.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-devel-doc-debugsource-4.8.6-4.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-qt3support-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-qt3support-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-mysql-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-sqlite-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-x11-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-x11-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qt4-x11-tools-4.8.6-4.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"qt4-x11-tools-debuginfo-4.8.6-4.6\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-qt3support-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-sql-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-x11-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt4-x11-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-debugsource-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-qt3support-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.8.6-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-x11-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.6-4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-4.8.6-4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:22:57", "description": "This security update fixes the following issues :\n\n - Add\n libqt5-Fix-a-division-by-zero-processing-malformed-BMP.p\n atch\n\n - QTBUG-44547, bsc#921999 (CVE-2015-0295)\n\n - Add\n libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch\n\n - bsc#927806 (CVE-2015-1858), bsc#927807 (CVE-2015-1859)\n\n - Add libqt5-Fixes-crash-in-gif-image-decoder.patch\n\n - bsc#927808 (CVE-2015-1860)\n\n - Add libqt5-fix-use-after-free-bug.patch from upstream\n\n - fixes the use-after-free bug in backingstore, boo#870151\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2015-08-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2015:1383-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-08-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libQt5DBus5", "p-cpe:/a:novell:suse_linux:libQt5Core5", "p-cpe:/a:novell:suse_linux:libQt5Widgets5", "p-cpe:/a:novell:suse_linux:libQt5Gui5", "p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo", "p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo"], "id": "SUSE_SU-2015-1383-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1383-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85504);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(73029, 74302, 74307, 74309, 74310);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libqt5-qtbase (SUSE-SU-2015:1383-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes the following issues :\n\n - Add\n libqt5-Fix-a-division-by-zero-processing-malformed-BMP.p\n atch\n\n - QTBUG-44547, bsc#921999 (CVE-2015-0295)\n\n - Add\n libqt5-Fixes-crash-in-bmp-and-ico-image-decoding.patch\n\n - bsc#927806 (CVE-2015-1858), bsc#927807 (CVE-2015-1859)\n\n - Add libqt5-Fixes-crash-in-gif-image-decoder.patch\n\n - bsc#927808 (CVE-2015-1860)\n\n - Add libqt5-fix-use-after-free-bug.patch from upstream\n\n - fixes the use-after-free bug in backingstore, boo#870151\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=870151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=927808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1858/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1859/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1860/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151383-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4139d95e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-399=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-399=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-399=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Core5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5DBus5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Core5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Core5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5DBus5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5DBus5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Gui5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Gui5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Widgets5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libQt5Widgets5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libqt5-qtbase-debugsource-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Core5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Core5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5DBus5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5DBus5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Gui5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Widgets5-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-5.3.1-4.4.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libqt5-qtbase-debugsource-5.3.1-4.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5-qtbase\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:28:53", "description": "Wolfgang Schenk discovered that Qt incorrectly handled certain\nmalformed GIF images. If a user or automated system were tricked into\nopening a specially crafted GIF image, a remote attacker could use\nthis issue to cause Qt to crash, resulting in a denial of service.\nThis issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-0190)\n\nFabian Vogt discovered that Qt incorrectly handled certain malformed\nBMP images. If a user or automated system were tricked into opening a\nspecially crafted BMP image, a remote attacker could use this issue to\ncause Qt to crash, resulting in a denial of service. (CVE-2015-0295)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed BMP images. If a user or automated system were\ntricked into opening a specially crafted BMP image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1858)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed ICO images. If a user or automated system were\ntricked into opening a specially crafted ICO image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1859)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed GIF images. If a user or automated system were\ntricked into opening a specially crafted GIF image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1860).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-06-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-06-04T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libqtgui4", "cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:libqt5gui5", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2626-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2626-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83989);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0190\", \"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(67087, 73029, 74302, 74307, 74309, 74310);\n script_xref(name:\"USN\", value:\"2626-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wolfgang Schenk discovered that Qt incorrectly handled certain\nmalformed GIF images. If a user or automated system were tricked into\nopening a specially crafted GIF image, a remote attacker could use\nthis issue to cause Qt to crash, resulting in a denial of service.\nThis issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-0190)\n\nFabian Vogt discovered that Qt incorrectly handled certain malformed\nBMP images. If a user or automated system were tricked into opening a\nspecially crafted BMP image, a remote attacker could use this issue to\ncause Qt to crash, resulting in a denial of service. (CVE-2015-0295)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed BMP images. If a user or automated system were\ntricked into opening a specially crafted BMP image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1858)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed ICO images. If a user or automated system were\ntricked into opening a specially crafted ICO image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1859)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled\ncertain malformed GIF images. If a user or automated system were\ntricked into opening a specially crafted GIF image, a remote attacker\ncould use this issue to cause Qt to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2015-1860).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2626-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt5gui5 and / or libqtgui4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libqtgui4\", pkgver:\"4:4.8.1-0ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libqt5gui5\", pkgver:\"5.2.1+dfsg-1ubuntu14.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libqtgui4\", pkgver:\"4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libqt5gui5\", pkgver:\"5.3.0+dfsg-2ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libqtgui4\", pkgver:\"4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libqt5gui5\", pkgver:\"5.4.1+dfsg-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libqtgui4\", pkgver:\"4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt5gui5 / libqtgui4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:42:06", "description": "This update fixes multiple security issues in the Qt library.\n\nCVE-2013-0254\n\nThe QSharedMemory class uses weak permissions (world-readable and\nworld-writable) for shared memory segments, which allows local users\nto read sensitive information or modify critical program data, as\ndemonstrated by reading a pixmap being sent to an X server.\n\nCVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860\n\nDenial of service (via segmentation faults) through crafted images\n(BMP, GIF, ICO).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-05-01T00:00:00", "title": "Debian DLA-210-1 : qt4-x11 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0254", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "modified": "2015-05-01T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libqt4-sql-tds", "p-cpe:/a:debian:debian_linux:libqt4-dbg", "p-cpe:/a:debian:debian_linux:libqt4-script", "p-cpe:/a:debian:debian_linux:libqt4-sql", "p-cpe:/a:debian:debian_linux:libqt4-opengl-dev", "p-cpe:/a:debian:debian_linux:libqt4-sql-psql", "p-cpe:/a:debian:debian_linux:libqt4-opengl", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns", "p-cpe:/a:debian:debian_linux:libqt4-qt3support", "p-cpe:/a:debian:debian_linux:qt4-qmake", "p-cpe:/a:debian:debian_linux:libqt4-core", "p-cpe:/a:debian:debian_linux:libqt4-multimedia", "p-cpe:/a:debian:debian_linux:qt4-dev-tools", "p-cpe:/a:debian:debian_linux:libqt4-sql-odbc", "p-cpe:/a:debian:debian_linux:libqt4-scripttools", "p-cpe:/a:debian:debian_linux:libqt4-help", "p-cpe:/a:debian:debian_linux:qt4-qtconfig", "p-cpe:/a:debian:debian_linux:libqt4-dbus", "p-cpe:/a:debian:debian_linux:libqt4-assistant", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2", "p-cpe:/a:debian:debian_linux:libqt4-webkit-dbg", "p-cpe:/a:debian:debian_linux:libqt4-sql-mysql", "p-cpe:/a:debian:debian_linux:libqt4-webkit", "p-cpe:/a:debian:debian_linux:libqt4-sql-ibase", "p-cpe:/a:debian:debian_linux:qt4-designer", "p-cpe:/a:debian:debian_linux:qt4-doc", "p-cpe:/a:debian:debian_linux:libqt4-gui", "p-cpe:/a:debian:debian_linux:qt4-demos", "p-cpe:/a:debian:debian_linux:libqt4-network", "p-cpe:/a:debian:debian_linux:libqt4-xml", "p-cpe:/a:debian:debian_linux:libqt4-dev", "p-cpe:/a:debian:debian_linux:libqtgui4", "p-cpe:/a:debian:debian_linux:libqt4-svg", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg", "p-cpe:/a:debian:debian_linux:qt4-doc-html", "p-cpe:/a:debian:debian_linux:libqtcore4", "p-cpe:/a:debian:debian_linux:libqt4-designer", "p-cpe:/a:debian:debian_linux:libqt4-test", "p-cpe:/a:debian:debian_linux:libqt4-phonon", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite", "p-cpe:/a:debian:debian_linux:qt4-demos-dbg"], "id": "DEBIAN_DLA-210.NASL", "href": "https://www.tenable.com/plugins/nessus/83164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-210-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83164);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0254\", \"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_bugtraq_id(57772, 73029, 74302, 74307, 74309, 74310);\n\n script_name(english:\"Debian DLA-210-1 : qt4-x11 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple security issues in the Qt library.\n\nCVE-2013-0254\n\nThe QSharedMemory class uses weak permissions (world-readable and\nworld-writable) for shared memory segments, which allows local users\nto read sensitive information or modify critical program data, as\ndemonstrated by reading a pixmap being sent to an X server.\n\nCVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860\n\nDenial of service (via segmentation faults) through crafted images\n(BMP, GIF, ICO).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/qt4-x11\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-multimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-phonon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-scripttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-ibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-svg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-webkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-webkit-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qtconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-assistant\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-core\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-dbg\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-dbus\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-designer\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-dev\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-gui\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-help\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-multimedia\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-network\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-opengl\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-opengl-dev\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-phonon\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-qt3support\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-script\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-scripttools\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-ibase\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-mysql\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-odbc\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-psql\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-sqlite\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-sqlite2\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-sql-tds\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-svg\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-test\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-webkit\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-webkit-dbg\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-xml\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-xmlpatterns\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqt4-xmlpatterns-dbg\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqtcore4\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libqtgui4\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-demos\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-demos-dbg\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-designer\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-dev-tools\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-doc\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-doc-html\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-qmake\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qt4-qtconfig\", reference:\"4:4.6.3-4+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:41", "description": "Multiple vulnerabilities were found in Qt image format handling of\nBMP, ICO and GIF files. The issues exposed included denial of service\nand buffer overflows leading to heap corruption. It is possible the\nlatter could be used to perform remote code execution.\n\nSee also\nhttp://lists.qt-project.org/pipermail/announce/2015-April/000067.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2015-04-27T00:00:00", "title": "Fedora 21 : qt5-qtbase-5.4.1-9.fc21 (2015-6364)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "modified": "2015-04-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtbase", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-6364.NASL", "href": "https://www.tenable.com/plugins/nessus/83072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6364.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83072);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\");\n script_xref(name:\"FEDORA\", value:\"2015-6364\");\n\n script_name(english:\"Fedora 21 : qt5-qtbase-5.4.1-9.fc21 (2015-6364)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in Qt image format handling of\nBMP, ICO and GIF files. The issues exposed included denial of service\nand buffer overflows leading to heap corruption. It is possible the\nlatter could be used to perform remote code execution.\n\nSee also\nhttp://lists.qt-project.org/pipermail/announce/2015-April/000067.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2015-April/000067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.qt-project.org/pipermail/announce/2015-April/000067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210675\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bce77ef2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtbase package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"qt5-qtbase-5.4.1-9.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtbase\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:42", "description": "This update fixes CVE-2015-1860, a buffer overflow when loading some\nspecific invalid GIF image files, which could be exploited for denial\nof service (application crash) and possibly even arbitrary code\nexecution attacks. The security patch is backported from Qt 4.\n\n(Please note that Qt 3 is NOT vulnerable to the simultaneously\npublished issues CVE-2015-1858 and CVE-2015-1859.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-04T00:00:00", "title": "Fedora 21 : qt3-3.3.8b-63.fc21 (2015-6661)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "modified": "2015-05-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:qt3"], "id": "FEDORA_2015-6661.NASL", "href": "https://www.tenable.com/plugins/nessus/83206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6661.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83206);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1860\");\n script_xref(name:\"FEDORA\", value:\"2015-6661\");\n\n script_name(english:\"Fedora 21 : qt3-3.3.8b-63.fc21 (2015-6661)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2015-1860, a buffer overflow when loading some\nspecific invalid GIF image files, which could be exploited for denial\nof service (application crash) and possibly even arbitrary code\nexecution attacks. The security patch is backported from Qt 4.\n\n(Please note that Qt 3 is NOT vulnerable to the simultaneously\npublished issues CVE-2015-1858 and CVE-2015-1859.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1210675\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156761.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61e4f167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"qt3-3.3.8b-63.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:21:22", "description": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.", "edition": 6, "cvss3": {}, "published": "2015-05-12T19:59:00", "title": "CVE-2015-1858", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1858"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:digia:qt:4.8.6", "cpe:/a:digia:qt:5.2.1", "cpe:/a:digia:qt:5.1.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/a:digia:qt:5.0.1", "cpe:/a:digia:qt:5.0.0", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:digia:qt:5.4.1", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:digia:qt:5.3.0", "cpe:/a:digia:qt:5.2.0", "cpe:/a:digia:qt:5.0.2"], "id": "CVE-2015-1858", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1858", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:4.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:22", "description": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.", "edition": 6, "cvss3": {}, "published": "2015-05-12T19:59:00", "title": "CVE-2015-1859", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1859"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:digia:qt:4.8.6", "cpe:/a:digia:qt:5.2.1", "cpe:/a:digia:qt:5.1.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/a:digia:qt:5.0.1", "cpe:/a:digia:qt:5.0.0", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:digia:qt:5.4.1", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:digia:qt:5.3.0", "cpe:/a:digia:qt:5.2.0", "cpe:/a:digia:qt:5.0.2"], "id": "CVE-2015-1859", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1859", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:4.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:20", "description": "The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.", "edition": 6, "cvss3": {}, "published": "2015-03-25T14:59:00", "title": "CVE-2015-0295", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0295"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:digia:qt:5.4.1", "cpe:/o:fedoraproject:fedora:22"], "id": "CVE-2015-0295", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0295", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:22", "description": "Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.", "edition": 6, "cvss3": {}, "published": "2015-05-12T19:59:00", "title": "CVE-2015-1860", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1860"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:digia:qt:4.8.6", "cpe:/a:digia:qt:5.2.1", "cpe:/a:digia:qt:5.1.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/a:digia:qt:5.0.1", "cpe:/a:digia:qt:5.0.0", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:digia:qt:5.4.1", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:digia:qt:5.3.0", "cpe:/a:digia:qt:5.2.0", "cpe:/a:digia:qt:5.0.2"], "id": "CVE-2015-1860", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1860", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:4.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.3.0:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1860"], "description": "Wolfgang Schenk discovered that Qt incorrectly handled certain malformed \nGIF images. If a user or automated system were tricked into opening a \nspecially crafted GIF image, a remote attacker could use this issue to \ncause Qt to crash, resulting in a denial of service. This issue only \napplied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)\n\nFabian Vogt discovered that Qt incorrectly handled certain malformed BMP \nimages. If a user or automated system were tricked into opening a specially \ncrafted BMP image, a remote attacker could use this issue to cause Qt to \ncrash, resulting in a denial of service. (CVE-2015-0295)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled \ncertain malformed BMP images. If a user or automated system were tricked \ninto opening a specially crafted BMP image, a remote attacker could use \nthis issue to cause Qt to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2015-1858)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled \ncertain malformed ICO images. If a user or automated system were tricked \ninto opening a specially crafted ICO image, a remote attacker could use \nthis issue to cause Qt to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2015-1859)\n\nRichard Moore and Fabian Vogt discovered that Qt incorrectly handled \ncertain malformed GIF images. If a user or automated system were tricked \ninto opening a specially crafted GIF image, a remote attacker could use \nthis issue to cause Qt to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2015-1860)", "edition": 5, "modified": "2015-06-03T00:00:00", "published": "2015-06-03T00:00:00", "id": "USN-2626-1", "href": "https://ubuntu.com/security/notices/USN-2626-1", "title": "Qt vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:30", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0254", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "description": "Package : qt4-x11\nVersion : 4:4.6.3-4+squeeze3\nCVE ID : CVE-2013-0254 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 \n CVE-2015-1860\nDebian Bug : 779550 783133\n\nThis update fixes multiple security issues in the Qt library.\n\nCVE-2013-0254\n\n The QSharedMemory class uses weak permissions (world-readable and\n world-writable) for shared memory segments, which allows local users\n to read sensitive information or modify critical program data, as\n demonstrated by reading a pixmap being sent to an X server.\n\nCVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860\n\n Denial of service (via segmentation faults) through crafted\n images (BMP, GIF, ICO).\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 9, "modified": "2015-04-30T11:59:40", "published": "2015-04-30T11:59:40", "id": "DEBIAN:DLA-210-1:A47BC", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00026.html", "title": "[SECURITY] [DLA 210-1] qt4-x11 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "\nRichard J. Moore reports:\n\nDue to two recent vulnerabilities identified in the built-in image\n\t format handling code, it was decided that this area required further\n\t testing to determine if further issues remained. Fuzzing using\n\t afl-fuzz located a number of issues in the handling of BMP, ICO and\n\t GIF files. The issues exposed included denial of service and buffer\n\t overflows leading to heap corruption. It is possible the latter could\n\t be used to perform remote code execution.\n\n", "edition": 4, "modified": "2015-04-12T00:00:00", "published": "2015-04-12T00:00:00", "id": "5713BFDA-E27D-11E4-B2CE-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/5713bfda-e27d-11e4-b2ce-5453ed2e2b49.html", "title": "qt4-imageformats, qt4-gui, qt5-gui -- Multiple Vulnerabilities in Qt Image Format Handling", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0295"], "description": "\nRichard J. Moore reports:\n\nThe builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug\n\t that would lead to a division by zero when loading certain corrupt\n\t BMP files. This in turn would cause the application loading these\n\t hand crafted BMPs to crash.\n\n", "edition": 5, "modified": "2015-02-22T00:00:00", "published": "2015-02-22T00:00:00", "id": "C9C3374D-C2C1-11E4-B236-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/c9c3374d-c2c1-11e4-b236-5453ed2e2b49.html", "title": "qt4-gui, qt5-gui -- DoS vulnerability in the BMP image handler", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "description": "### Background\n\nQtGui is the GUI module and platform plugins for the Qt framework\n\n### Description\n\nMultiple buffer overflow vulnerabilities have been discovered in QtGui. It is possible for remote attackers to construct specially crafted BMP, ICO, or GIF images that lead to buffer overflows. After successfully overflowing the buffer the remote attacker can then cause a Denial of Service or execute arbitrary code. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause Denial of Service. \n\n### Workaround\n\nThere is no known work around at this time.\n\n### Resolution\n\nAll QtGui 4.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtgui-4.8.6-r4\"\n \n\nAll QtGui 5.4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtgui-5.4.1-r1\"", "edition": 1, "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-10", "href": "https://security.gentoo.org/glsa/201603-10", "type": "gentoo", "title": "QtGui: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "myhack58": [{"lastseen": "2017-01-14T09:01:33", "bulletinFamily": "info", "cvelist": [], "edition": 1, "description": "Vulnerability background\nQt is a cross-platform graphical interface programming Framework, and its version is less than 4. 8. 7 and 5. x is less than 5. 4. 2 analytical picture of the process for cross-border inspections of improper handling, will result in the memcpy of the process occurs out of bounds error, this vulnerability has been disclosed, but Qt as the underlying library, many based on Qt software and not update, while the Qt cross-platform software is widely used, and therefore there is a significant risk, while the network is not on the PoC, the author through analysis of the written PoC. \nVulnerability causes\nQGIFFormat::nextY()in processing, for cross-border without inspection, the outside is set on a cross-border flag, the interior is still still running, this will be a problem. Code issues, we can control the Qt code Review to take a look. \n! [](/Article/UploadPic/2017-1/2017114470249. png? www. myhack58. com) \n\u6700\u7ec8 \u95ee\u9898 \u5728 /src/gui/image/gifhandler.cpp the QGIFFormat::nextY().memcpy, where we can control the left,so that right-left is less than 0, Then the copy time can be very large, but because such a copy of the data is too large, can only lead to collapse, you can not use. \nvoid QGIFFormat::nextY(unsigned char *bits, int bpl) \n{ \nint my; \nswitch (interlace) {my = qMin(7, bottom-y); \n// Don't dup with transparency \nif (trans_index \nfor (i=1; i \nmemcpy(FAST_SCAN_LINE(bits, bpl, y+i)+left*sizeof(QRgb), FAST_SCAN_LINE(bits, bpl, y)+left*sizeof(QRgb), \n(right-left+1)*sizeof(QRgb)); \n} \n} \n.... \nQGIFFormat::nextY()key at the disassembled code below. \n. text:68F015EE loc_68F015EE: ; CODE XREF: gif_nexty+1EEj \n. text:68F015EE mov esi, [eax+60h] ; left \n. text:68F015F1 lea ebx, ds:0[esi*4] \n. text:68F015F8 lea ecx, [edi+edx] \n. text:68F015FB imul ecx, [ebp+t_bpl] \n. text:68F015FF add ecx, ebx \n. text:68F01601 add ecx, [ebp+arg_4] \n. text:68F01604 mov [ebp+var_10], ecx \n. text:68F01607 mov ecx, [eax+68h] ; right \n. text:68F0160A sub ecx, esi ; right-left \n. text:68F0160C lea ecx, ds:4[ecx*4] \n. text:68F01613 imul edi, [ebp+t_bpl] \n. text:68F01617 lea esi, [edi+ebx] \n. text:68F0161A add esi, [ebp+arg_4] \n. text:68F0161D ; 72: while ( 1 ) \n. text:68F0161D mov edi, [ebp+var_10] \n. text:68F01620 rep movsb ; memcpy \nVulnerability reproduction\nHere is the gif file parsing, so we have to learn gif file format knowledge. On this knowledge, there are many blogs explaining in great detail, we can refer to http://blog. csdn. net/wzy198852/Article/details/17266507 \nNot repeat them here, directly to the everyone A and Qt GIFFormat::decode function inside a variable of the corresponding good example of it. \n! [](/Article/UploadPic/2017-1/2017114470181. png? www. myhack58. com) \nBelow we first look at the source code QGIFFormat::decode()function in the part of the code. From 490 row to the 560 line, here is related to call QGIFFormat::nextY function of the core code, The Middle is mainly a period related to the LZW decoding algorithm, the decoding obtained after GlobalColormap in the index, and the pixel corresponding to the color value is copied to the bits corresponding to the array to go inside. \n\n\n**[1] [[2]](<82823_2.htm>) [[3]](<82823_3.htm>) [[4]](<82823_4.htm>) [[5]](<82823_5.htm>) [next](<82823_2.htm>)**\n", "modified": "2017-01-14T00:00:00", "published": "2017-01-14T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/82823.htm", "id": "MYHACK58:62201782823", "type": "myhack58", "title": "CVE-2015-1860 analysis: Qt module for processing GIFs cause a crash-bug warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}}]}
