DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2021-3481", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-3481", "description": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in\nQRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in\nQt/Qtbase. While rendering and displaying a crafted Scalable Vector\nGraphics (SVG) file this flaw may lead to an unauthorized memory access.\nThe highest threat from this vulnerability is to data confidentiality and\nthe application availability.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1931444>\n * <https://bugreports.qt.io/browse/QTBUG-91507>\n * <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668>\n", "published": "2021-04-03T00:00:00", "modified": "2021-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://ubuntu.com/security/CVE-2021-3481", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3481", "https://codereview.qt-project.org/c/qt/qtsvg/+/337587", "https://ubuntu.com/security/notices/USN-5241-1", "https://nvd.nist.gov/vuln/detail/CVE-2021-3481", "https://launchpad.net/bugs/cve/CVE-2021-3481", "https://security-tracker.debian.org/tracker/CVE-2021-3481"], "cvelist": ["CVE-2021-3481"], "immutableFields": [], "lastseen": "2022-10-26T13:36:36", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4172"]}, {"type": "cve", "idList": ["CVE-2021-3481"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2885-1:0A4E0", "DEBIAN:DLA-2895-1:B4895"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3481"]}, {"type": "mageia", "idList": ["MGASA-2021-0262"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-4172.NASL", "CENTOS8_RHSA-2021-4172.NASL", "DEBIAN_DLA-2885.NASL", "DEBIAN_DLA-2895.NASL", "OPENSUSE-2021-1371.NASL", "OPENSUSE-2021-3354.NASL", "REDHAT-RHSA-2021-4172.NASL", "SUSE_SU-2021-3333-1.NASL", "SUSE_SU-2021-3354-1.NASL", "SUSE_SU-2021-4155-1.NASL", "UBUNTU_USN-5241-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-2885-1", "OSV:DLA-2895-1"]}, {"type": "redhat", "idList": ["RHSA-2021:4172", "RHSA-2021:4627", "RHSA-2021:5127", "RHSA-2021:5128", "RHSA-2021:5129", "RHSA-2021:5137", "RHSA-2022:0202", "RHSA-2022:5069"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3481"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1371-1", "OPENSUSE-SU-2021:3354-1"]}, {"type": "ubuntu", "idList": ["USN-5241-1"]}, {"type": "veracode", "idList": ["VERACODE:33117"]}]}, "score": {"value": 0.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4172"]}, {"type": "cve", "idList": ["CVE-2021-3481"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2885-1:0A4E0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3481"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2885.NASL", "DEBIAN_DLA-2895.NASL", "OPENSUSE-2021-3354.NASL", "SUSE_SU-2021-3333-1.NASL", "SUSE_SU-2021-3354-1.NASL", "UBUNTU_USN-5241-1.NASL"]}, {"type": "redhat", "idList": ["RHSA-2022:0202"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3481"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3354-1"]}, {"type": "ubuntu", "idList": ["USN-5241-1"]}]}, "exploitation": null, "vulnersScore": 0.8}, "_state": {"dependencies": 1666791449, "score": 1666791548}, "_internal": {"score_hash": "f52da1749b2ba3777c880117abc43c8a"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qt4-x11"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qt4-x11"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qt4-x11"}, {"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtsvg-opensource-src"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtsvg-opensource-src"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtsvg-opensource-src"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtsvg-opensource-src"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtsvg-opensource-src"}], "bugs": ["https://bugzilla.redhat.com/show_bug.cgi?id=1931444", "https://bugreports.qt.io/browse/QTBUG-91507", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668"]}

{"almalinux": [{"lastseen": "2022-10-18T17:08:52", "description": "Qt is a software toolkit for developing applications.\n\nThe following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)\n\nSecurity Fix(es):\n\n* qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-09T08:31:20", "type": "almalinux", "title": "Moderate: qt5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:4172", "href": "https://errata.almalinux.org/8/ALSA-2021-4172.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2022-08-25T06:17:18", "description": "An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue (CVE-2021-3481). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-06-16T20:22:25", "type": "mageia", "title": "Updated qt4 and qtsvg5 packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-06-16T20:22:25", "id": "MGASA-2021-0262", "href": "https://advisories.mageia.org/MGASA-2021-0262.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2022-08-25T08:01:39", "description": "Qt is a software toolkit for developing applications.\n\nThe following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)\n\nSecurity Fix(es):\n\n* qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-09T08:31:20", "type": "redhat", "title": "(RHSA-2021:4172) Moderate: qt5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-11-09T14:12:04", "id": "RHSA-2021:4172", "href": "https://access.redhat.com/errata/RHSA-2021:4172", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-16T20:43:27", "description": "Openshift Logging Security and Bug Fix Release (5.3.1)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T16:46:20", "type": "redhat", "title": "(RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:04:07", "id": "RHSA-2021:5129", "href": "https://access.redhat.com/errata/RHSA-2021:5129", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-16T20:41:31", "description": "Openshift Logging Security and Bug Fix Release (5.2.4)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T16:45:56", "type": "redhat", "title": "(RHSA-2021:5127) Moderate: Openshift Logging security and bug update (5.2.4)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:07:41", "id": "RHSA-2021:5127", "href": "https://access.redhat.com/errata/RHSA-2021:5127", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-16T20:44:30", "description": "Openshift Logging Security and Bug Fix Release (5.1.5)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T16:46:13", "type": "redhat", "title": "(RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:06:57", "id": "RHSA-2021:5128", "href": "https://access.redhat.com/errata/RHSA-2021:5128", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-29T02:04:26", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n* sanitize-url: XSS (CVE-2021-23648)\n* minimist: prototype pollution (CVE-2021-44906)\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64\n\nThe image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4\n\n(For aarch64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64\n\nThe image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x\n\nThe image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le\n\nThe image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T10:23:32", "type": "redhat", "title": "(RHSA-2022:5069) Important: OpenShift Container Platform 4.11.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2018-25032", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-17541", "CVE-2020-19131", "CVE-2020-24370", "CVE-2020-28493", "CVE-2020-35492", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20095", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-23177", "CVE-2021-23566", "CVE-2021-23648", "CVE-2021-25219", "CVE-2021-31535", "CVE-2021-31566", "CVE-2021-3481", "CVE-2021-3580", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3634", "CVE-2021-3672", "CVE-2021-3695", "CVE-2021-3696", "CVE-2021-3697", "CVE-2021-3737", "CVE-2021-38185", "CVE-2021-38593", "CVE-2021-40528", "CVE-2021-4115", "CVE-2021-41190", "CVE-2021-4156", "CVE-2021-41617", "CVE-2021-4189", "CVE-2021-42771", "CVE-2021-43527", "CVE-2021-43565", "CVE-2021-43818", "CVE-2021-44225", "CVE-2021-44906", "CVE-2022-0235", "CVE-2022-0778", "CVE-2022-1012", "CVE-2022-1215", "CVE-2022-1271", "CVE-2022-1292", "CVE-2022-1586", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-1706", "CVE-2022-1729", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-21698", "CVE-2022-22576", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24407", "CVE-2022-24675", "CVE-2022-24903", "CVE-2022-24921", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-26691", "CVE-2022-26945", "CVE-2022-27191", "CVE-2022-27774", "CVE-2022-27776", "CVE-2022-27782", "CVE-2022-28327", "CVE-2022-28733", "CVE-2022-28734", "CVE-2022-28735", "CVE-2022-28736", "CVE-2022-28737", "CVE-2022-29162", "CVE-2022-29810", "CVE-2022-29824", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-32250"], "modified": "2022-08-29T01:42:10", "id": "RHSA-2022:5069", "href": "https://access.redhat.com/errata/RHSA-2022:5069", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T18:39:11", "description": "Openshift Logging Bug Fix Release (5.3.0)\n\nSecurity Fix(es):\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-15T12:52:28", "type": "redhat", "title": "(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33194", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574"], "modified": "2021-11-15T12:52:54", "id": "RHSA-2021:4627", "href": "https://access.redhat.com/errata/RHSA-2021:4627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-16T20:44:43", "description": "Openshift Logging Bug Fix Release (5.0.10)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T21:31:08", "type": "redhat", "title": "(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3712", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:05:11", "id": "RHSA-2021:5137", "href": "https://access.redhat.com/errata/RHSA-2021:5137", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-20T07:27:24", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2022-01-20T06:27:36", "type": "redhat", "title": "(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2018-20845", "CVE-2018-20847", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-13558", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-15389", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-18032", "CVE-2020-24370", "CVE-2020-24870", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27828", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36241", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20271", "CVE-2021-20321", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-26926", "CVE-2021-26927", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28650", "CVE-2021-29338", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-3272", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3575", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-3948", "CVE-2021-41617", "CVE-2021-42574", "CVE-2021-43527"], "modified": "2022-01-20T06:28:12", "id": "RHSA-2022:0202", "href": "https://access.redhat.com/errata/RHSA-2022:0202", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-08-25T06:56:02", "description": "qt5 is vulnerable to denial of service. The vulnerability exists in the `QRadialFetchSimd` in `qt/qtbase/src/gui/painting/qdrawhelper_p. h` i of `Qt/Qtbase` when rendering and displaying a crafted scalable vector graphics (SVG) file, leading to an unauthorized memory access. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-28T00:40:38", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-08-25T06:12:07", "id": "VERACODE:33117", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33117/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-06T12:08:56", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for libqt5-qtsvg fixes the following issues:\n\n - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd\n from crafted svg file. (bsc#1184783)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1371=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-18T00:00:00", "type": "suse", "title": "Security update for libqt5-qtsvg (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-10-18T00:00:00", "id": "OPENSUSE-SU-2021:1371-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUQQL3BSIDANFVPIE65N7IJDJSBTEPHN/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T12:08:56", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for libqt5-qtsvg fixes the following issues:\n\n - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd\n from crafted svg file. (bsc#1184783)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3354=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-12T00:00:00", "type": "suse", "title": "Security update for libqt5-qtsvg (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-10-12T00:00:00", "id": "OPENSUSE-SU-2021:3354-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBFMOSZDI3WFGNU3EM54DUBD3HAM2LEV/", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2022-12-06T20:14:04", "description": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality the application availability.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don&#x27;t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-04-01T11:38:51", "type": "redhatcve", "title": "CVE-2021-3481", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-06T19:43:41", "id": "RH:CVE-2021-3481", "href": "https://access.redhat.com/security/cve/cve-2021-3481", "cvss": {"score": 0.0, "vector": "NONE"}}], "rocky": [{"lastseen": "2023-01-16T23:05:47", "description": "An update for qt5 is now available for Rocky Linux 8.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\nQt is a software toolkit for developing applications.\nThe following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-09T00:00:00", "type": "rocky", "title": "qt5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2021-11-09T00:00:00", "id": "RLSA-2021:4172", "href": "https://errata.rockylinux.org/RLSA-2021:4172", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-08-25T05:16:57", "description": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-08-22T15:15:00", "type": "cve", "title": "CVE-2021-3481", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-08-25T00:42:00", "cpe": ["cpe:/a:qt:qt:5.15.1", "cpe:/a:qt:qt:6.0.0", "cpe:/a:qt:qt:6.2.0", "cpe:/a:qt:qt:6.0.2"], "id": "CVE-2021-3481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3481", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:qt:qt:5.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:qt:qt:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:qt:qt:6.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:qt:qt:6.2.0:-:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-22T03:10:23", "description": "A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-08-22T15:15:00", "type": "debiancve", "title": "CVE-2021-3481", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-08-22T15:15:00", "id": "DEBIANCVE:CVE-2021-3481", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3481", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-26T14:51:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4172 advisory.\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : qt5 (CESA-2021:4172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:adwaita-qt5", "p-cpe:/a:centos:centos:libadwaita-qt5", "p-cpe:/a:centos:centos:python-qt5-rpm-macros", "p-cpe:/a:centos:centos:python3-pyqt5-sip", "p-cpe:/a:centos:centos:python3-qt5", "p-cpe:/a:centos:centos:python3-qt5-base", "p-cpe:/a:centos:centos:python3-qt5-devel", "p-cpe:/a:centos:centos:python3-sip-devel", "p-cpe:/a:centos:centos:python3-wx-siplib", "p-cpe:/a:centos:centos:qgnomeplatform", "p-cpe:/a:centos:centos:qt5-assistant", "p-cpe:/a:centos:centos:qt5-designer", "p-cpe:/a:centos:centos:qt5-devel", "p-cpe:/a:centos:centos:qt5-doctools", "p-cpe:/a:centos:centos:qt5-linguist", "p-cpe:/a:centos:centos:qt5-qdbusviewer", "p-cpe:/a:centos:centos:qt5-qt3d", "p-cpe:/a:centos:centos:qt5-qt3d-devel", "p-cpe:/a:centos:centos:qt5-qt3d-examples", "p-cpe:/a:centos:centos:qt5-qtbase", "p-cpe:/a:centos:centos:qt5-qtbase-common", "p-cpe:/a:centos:centos:qt5-qtbase-devel", "p-cpe:/a:centos:centos:qt5-qtbase-examples", "p-cpe:/a:centos:centos:qt5-qtbase-gui", "p-cpe:/a:centos:centos:qt5-qtbase-mysql", "p-cpe:/a:centos:centos:qt5-qtbase-odbc", "p-cpe:/a:centos:centos:qt5-qtbase-postgresql", "p-cpe:/a:centos:centos:qt5-qtbase-private-devel", "p-cpe:/a:centos:centos:qt5-qtbase-static", "p-cpe:/a:centos:centos:qt5-qtcanvas3d", "p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples", "p-cpe:/a:centos:centos:qt5-qtconnectivity", "p-cpe:/a:centos:centos:qt5-qtconnectivity-devel", "p-cpe:/a:centos:centos:qt5-qtconnectivity-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative", "p-cpe:/a:centos:centos:qt5-qtdeclarative-devel", "p-cpe:/a:centos:centos:qt5-qtdeclarative-examples", "p-cpe:/a:centos:centos:qt5-qtdeclarative-static", "p-cpe:/a:centos:centos:qt5-qtdoc", "p-cpe:/a:centos:centos:qt5-qtgraphicaleffects", "p-cpe:/a:centos:centos:qt5-qtimageformats", "p-cpe:/a:centos:centos:qt5-qtlocation", "p-cpe:/a:centos:centos:qt5-qtlocation-devel", "p-cpe:/a:centos:centos:qt5-qtlocation-examples", "p-cpe:/a:centos:centos:qt5-qtmultimedia", "p-cpe:/a:centos:centos:qt5-qtmultimedia-devel", "p-cpe:/a:centos:centos:qt5-qtmultimedia-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols", "p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel", "p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples", "p-cpe:/a:centos:centos:qt5-qtscript", "p-cpe:/a:centos:centos:qt5-qtscript-devel", "p-cpe:/a:centos:centos:qt5-qtscript-examples", "p-cpe:/a:centos:centos:qt5-qtsensors", "p-cpe:/a:centos:centos:qt5-qtsensors-devel", "p-cpe:/a:centos:centos:qt5-qtsensors-examples", "p-cpe:/a:centos:centos:qt5-qtserialbus", "p-cpe:/a:centos:centos:qt5-qtserialbus-devel", "p-cpe:/a:centos:centos:qt5-qtserialbus-examples", "p-cpe:/a:centos:centos:qt5-qtserialport", "p-cpe:/a:centos:centos:qt5-qtserialport-devel", "p-cpe:/a:centos:centos:qt5-qtserialport-examples", "p-cpe:/a:centos:centos:qt5-qtsvg", "p-cpe:/a:centos:centos:qt5-qtsvg-devel", "p-cpe:/a:centos:centos:qt5-qtsvg-examples", "p-cpe:/a:centos:centos:qt5-qttools", "p-cpe:/a:centos:centos:qt5-qttools-common", "p-cpe:/a:centos:centos:qt5-qttools-devel", "p-cpe:/a:centos:centos:qt5-qttools-examples", "p-cpe:/a:centos:centos:qt5-qttools-libs-designer", "p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents", "p-cpe:/a:centos:centos:qt5-qttools-libs-help", "p-cpe:/a:centos:centos:qt5-qttools-static", "p-cpe:/a:centos:centos:qt5-qttranslations", "p-cpe:/a:centos:centos:qt5-qtwayland", "p-cpe:/a:centos:centos:qt5-qtwayland-devel", "p-cpe:/a:centos:centos:qt5-qtwayland-examples", "p-cpe:/a:centos:centos:qt5-qtwebchannel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-devel", "p-cpe:/a:centos:centos:qt5-qtwebchannel-examples", "p-cpe:/a:centos:centos:qt5-qtwebsockets", "p-cpe:/a:centos:centos:qt5-qtwebsockets-devel", "p-cpe:/a:centos:centos:qt5-qtwebsockets-examples", "p-cpe:/a:centos:centos:qt5-qtx11extras", "p-cpe:/a:centos:centos:qt5-qtx11extras-devel", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel", "p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples", "p-cpe:/a:centos:centos:qt5-rpm-macros", "p-cpe:/a:centos:centos:qt5-srpm-macros", "p-cpe:/a:centos:centos:sip"], "id": "CENTOS8_RHSA-2021-4172.NASL", "href": "https://www.tenable.com/plugins/nessus/155055", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4172. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155055);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n script_xref(name:\"RHSA\", value:\"2021:4172\");\n\n script_name(english:\"CentOS 8 : qt5 (CESA-2021:4172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:4172 advisory.\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4172\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:adwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libadwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-pyqt5-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-sip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-wx-siplib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qgnomeplatform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt5-srpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.15.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.24-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-wx-siplib-4.19.24-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-wx-siplib-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.15.2-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.15.2-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.15.2-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.15.2-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.15.2-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.15.2-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.15.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.15.2-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.15.2-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.15.2-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.15.2-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.24-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'adwaita-qt5 / libadwaita-qt5 / python-qt5-rpm-macros / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T14:49:43", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3333-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libqt5-qtsvg (SUSE-SU-2021:3333-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Svg5", "p-cpe:/a:novell:suse_linux:libqt5-qtsvg-devel", "p-cpe:/a:novell:suse_linux:libqt5-qtsvg-private-headers-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3333-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154002", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3333-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154002);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3333-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libqt5-qtsvg (SUSE-SU-2021:3333-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:3333-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184783\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009558.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c43d744f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libQt5Svg5, libqt5-qtsvg-devel and / or libqt5-qtsvg-private-headers-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libQt5Svg5-5.6.2-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt5-qtsvg-devel-5.6.2-3.6.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt5-qtsvg-devel-5.6.2-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.6.2-3.6.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.6.2-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libQt5Svg5-5.6.2-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libQt5Svg5 / libqt5-qtsvg-devel / libqt5-qtsvg-private-headers-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T14:51:01", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4172 advisory.\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : qt5 (RHSA-2021:4172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:adwaita-qt5", "p-cpe:/a:redhat:enterprise_linux:libadwaita-qt5", "p-cpe:/a:redhat:enterprise_linux:python-qt5-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:python3-pyqt5-sip", "p-cpe:/a:redhat:enterprise_linux:python3-qt5", "p-cpe:/a:redhat:enterprise_linux:python3-qt5-base", "p-cpe:/a:redhat:enterprise_linux:python3-qt5-devel", "p-cpe:/a:redhat:enterprise_linux:python3-sip-devel", "p-cpe:/a:redhat:enterprise_linux:python3-wx-siplib", "p-cpe:/a:redhat:enterprise_linux:qgnomeplatform", "p-cpe:/a:redhat:enterprise_linux:qt5-assistant", "p-cpe:/a:redhat:enterprise_linux:qt5-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-doctools", "p-cpe:/a:redhat:enterprise_linux:qt5-linguist", "p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-private-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d", "p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qtdoc", "p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects", "p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help", "p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static", "p-cpe:/a:redhat:enterprise_linux:qt5-qttranslations", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras", "p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel", "p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples", "p-cpe:/a:redhat:enterprise_linux:qt5-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:qt5-srpm-macros", "p-cpe:/a:redhat:enterprise_linux:sip"], "id": "REDHAT-RHSA-2021-4172.NASL", "href": "https://www.tenable.com/plugins/nessus/155094", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4172. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155094);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-3481\");\n script_xref(name:\"RHSA\", value:\"2021:4172\");\n\n script_name(english:\"RHEL 8 : qt5 (RHSA-2021:4172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:4172 advisory.\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1931444\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(125);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:adwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libadwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyqt5-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-sip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-wx-siplib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qgnomeplatform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt5-srpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.15.0-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.24-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-wx-siplib-4.19.24-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.15.2-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.15.2-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.15.2-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.15.2-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.15.2-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.15.2-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.24-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.15.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.24-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-wx-siplib-4.19.24-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.15.2-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.24-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'adwaita-qt5 / libadwaita-qt5 / python-qt5-rpm-macros / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T14:36:20", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4172 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : qt5 (ALSA-2021:4172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:adwaita-qt5", "p-cpe:/a:alma:linux:libadwaita-qt5", "p-cpe:/a:alma:linux:python-qt5-rpm-macros", "p-cpe:/a:alma:linux:python3-pyqt5-sip", "p-cpe:/a:alma:linux:python3-qt5", "p-cpe:/a:alma:linux:python3-qt5-base", "p-cpe:/a:alma:linux:python3-qt5-devel", "p-cpe:/a:alma:linux:python3-sip-devel", "p-cpe:/a:alma:linux:python3-wx-siplib", "p-cpe:/a:alma:linux:qgnomeplatform", "p-cpe:/a:alma:linux:qt5-assistant", "p-cpe:/a:alma:linux:qt5-designer", "p-cpe:/a:alma:linux:qt5-devel", "p-cpe:/a:alma:linux:qt5-doctools", "p-cpe:/a:alma:linux:qt5-linguist", "p-cpe:/a:alma:linux:qt5-qdbusviewer", "p-cpe:/a:alma:linux:qt5-qt3d", "p-cpe:/a:alma:linux:qt5-qt3d-devel", "p-cpe:/a:alma:linux:qt5-qt3d-examples", "p-cpe:/a:alma:linux:qt5-qtbase", "p-cpe:/a:alma:linux:qt5-qtbase-common", "p-cpe:/a:alma:linux:qt5-qtbase-devel", "p-cpe:/a:alma:linux:qt5-qtbase-examples", "p-cpe:/a:alma:linux:qt5-qtbase-gui", "p-cpe:/a:alma:linux:qt5-qtbase-mysql", "p-cpe:/a:alma:linux:qt5-qtbase-odbc", "p-cpe:/a:alma:linux:qt5-qtbase-postgresql", "p-cpe:/a:alma:linux:qt5-qtbase-private-devel", "p-cpe:/a:alma:linux:qt5-qtbase-static", "p-cpe:/a:alma:linux:qt5-qtcanvas3d", "p-cpe:/a:alma:linux:qt5-qtcanvas3d-examples", "p-cpe:/a:alma:linux:qt5-qtconnectivity", "p-cpe:/a:alma:linux:qt5-qtconnectivity-devel", "p-cpe:/a:alma:linux:qt5-qtconnectivity-examples", "p-cpe:/a:alma:linux:qt5-qtdeclarative", "p-cpe:/a:alma:linux:qt5-qtdeclarative-devel", "p-cpe:/a:alma:linux:qt5-qtdeclarative-examples", "p-cpe:/a:alma:linux:qt5-qtdeclarative-static", "p-cpe:/a:alma:linux:qt5-qtdoc", "p-cpe:/a:alma:linux:qt5-qtgraphicaleffects", "p-cpe:/a:alma:linux:qt5-qtimageformats", "p-cpe:/a:alma:linux:qt5-qtlocation", "p-cpe:/a:alma:linux:qt5-qtlocation-devel", "p-cpe:/a:alma:linux:qt5-qtlocation-examples", "p-cpe:/a:alma:linux:qt5-qtmultimedia", "p-cpe:/a:alma:linux:qt5-qtmultimedia-devel", "p-cpe:/a:alma:linux:qt5-qtmultimedia-examples", "p-cpe:/a:alma:linux:qt5-qtquickcontrols", "p-cpe:/a:alma:linux:qt5-qtquickcontrols-examples", "p-cpe:/a:alma:linux:qt5-qtquickcontrols2", "p-cpe:/a:alma:linux:qt5-qtquickcontrols2-devel", "p-cpe:/a:alma:linux:qt5-qtquickcontrols2-examples", "p-cpe:/a:alma:linux:qt5-qtscript", "p-cpe:/a:alma:linux:qt5-qtscript-devel", "p-cpe:/a:alma:linux:qt5-qtscript-examples", "p-cpe:/a:alma:linux:qt5-qtsensors", "p-cpe:/a:alma:linux:qt5-qtsensors-devel", "p-cpe:/a:alma:linux:qt5-qtsensors-examples", "p-cpe:/a:alma:linux:qt5-qtserialbus", "p-cpe:/a:alma:linux:qt5-qtserialbus-devel", "p-cpe:/a:alma:linux:qt5-qtserialbus-examples", "p-cpe:/a:alma:linux:qt5-qtserialport", "p-cpe:/a:alma:linux:qt5-qtserialport-devel", "p-cpe:/a:alma:linux:qt5-qtserialport-examples", "p-cpe:/a:alma:linux:qt5-qtsvg", "p-cpe:/a:alma:linux:qt5-qtsvg-devel", "p-cpe:/a:alma:linux:qt5-qtsvg-examples", "p-cpe:/a:alma:linux:qt5-qttools", "p-cpe:/a:alma:linux:qt5-qttools-common", "p-cpe:/a:alma:linux:qt5-qttools-devel", "p-cpe:/a:alma:linux:qt5-qttools-examples", "p-cpe:/a:alma:linux:qt5-qttools-libs-designer", "p-cpe:/a:alma:linux:qt5-qttools-libs-designercomponents", "p-cpe:/a:alma:linux:qt5-qttools-libs-help", "p-cpe:/a:alma:linux:qt5-qttools-static", "p-cpe:/a:alma:linux:qt5-qttranslations", "p-cpe:/a:alma:linux:qt5-qtwayland", "p-cpe:/a:alma:linux:qt5-qtwayland-devel", "p-cpe:/a:alma:linux:qt5-qtwayland-examples", "p-cpe:/a:alma:linux:qt5-qtwebchannel", "p-cpe:/a:alma:linux:qt5-qtwebchannel-devel", "p-cpe:/a:alma:linux:qt5-qtwebchannel-examples", "p-cpe:/a:alma:linux:qt5-qtwebsockets", "p-cpe:/a:alma:linux:qt5-qtwebsockets-devel", "p-cpe:/a:alma:linux:qt5-qtwebsockets-examples", "p-cpe:/a:alma:linux:qt5-qtx11extras", "p-cpe:/a:alma:linux:qt5-qtx11extras-devel", "p-cpe:/a:alma:linux:qt5-qtxmlpatterns", "p-cpe:/a:alma:linux:qt5-qtxmlpatterns-devel", "p-cpe:/a:alma:linux:qt5-qtxmlpatterns-examples", "p-cpe:/a:alma:linux:qt5-rpm-macros", "p-cpe:/a:alma:linux:qt5-srpm-macros", "p-cpe:/a:alma:linux:sip", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4172.NASL", "href": "https://www.tenable.com/plugins/nessus/157564", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4172.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157564);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n script_xref(name:\"ALSA\", value:\"2021:4172\");\n\n script_name(english:\"AlmaLinux 8 : qt5 (ALSA-2021:4172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:4172 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4172.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:adwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libadwaita-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python-qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-pyqt5-sip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qt5-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-sip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-wx-siplib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qgnomeplatform\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-assistant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-doctools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qdbusviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qt3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qt3d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qt3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtbase-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtcanvas3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtcanvas3d-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtconnectivity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtconnectivity-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtconnectivity-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdeclarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdeclarative-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdeclarative-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdeclarative-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtgraphicaleffects\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtimageformats\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtlocation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtlocation-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtlocation-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtmultimedia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtmultimedia-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtmultimedia-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtquickcontrols2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtscript-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtscript-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsensors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsensors-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialbus-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialbus-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialport-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtserialport-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsvg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-libs-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-libs-designercomponents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-libs-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttools-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qttranslations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwayland\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwayland-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwayland-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebchannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebchannel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebchannel-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebsockets-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtwebsockets-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtx11extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtx11extras-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtxmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtxmlpatterns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-qtxmlpatterns-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:qt5-srpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'adwaita-qt5-1.2.1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libadwaita-qt5-1.2.1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-qt5-rpm-macros-5.15.0-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyqt5-sip-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-base-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qt5-devel-5.15.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sip-devel-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-wx-siplib-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qgnomeplatform-0.7.1-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-assistant-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-designer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-devel-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-doctools-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-linguist-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qdbusviewer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qt3d-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-common-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-gui-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-mysql-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-odbc-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-postgresql-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-private-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtbase-static-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtcanvas3d-examples-5.12.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtconnectivity-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdeclarative-static-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtdoc-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtgraphicaleffects-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtimageformats-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtlocation-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtmultimedia-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtquickcontrols2-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtscript-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsensors-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialbus-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtserialport-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtsvg-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-common-5.15.2-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-devel-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-examples-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designer-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-designercomponents-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-libs-help-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttools-static-5.15.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qttranslations-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwayland-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebchannel-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtwebsockets-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtx11extras-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-devel-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-qtxmlpatterns-examples-5.15.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-rpm-macros-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'qt5-srpm-macros-5.15.2-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sip-4.19.24-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'adwaita-qt5 / libadwaita-qt5 / python-qt5-rpm-macros / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-27T14:34:21", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3354-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libqt5-qtsvg (SUSE-SU-2021:3354-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libQt5Svg5", "p-cpe:/a:novell:suse_linux:libqt5-qtsvg-devel", "p-cpe:/a:novell:suse_linux:libqt5-qtsvg-private-headers-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3354-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154062", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3354-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3354-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libqt5-qtsvg (SUSE-SU-2021:3354-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:3354-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184783\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009575.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b9141ff\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libQt5Svg5, libqt5-qtsvg-devel and / or libqt5-qtsvg-private-headers-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libQt5Svg5-5.12.7-3.3.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libQt5Svg5-5.12.7-3.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libqt5-qtsvg-devel-5.12.7-3.3.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libqt5-qtsvg-devel-5.12.7-3.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libQt5Svg5-5.12.7-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libQt5Svg5-5.12.7-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libqt5-qtsvg-devel-5.12.7-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libqt5-qtsvg-devel-5.12.7-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libQt5Svg5 / libqt5-qtsvg-devel / libqt5-qtsvg-private-headers-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-27T14:34:02", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3354-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : libqt5-qtsvg (openSUSE-SU-2021:3354-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libQt5Svg5", "p-cpe:/a:novell:opensuse:libQt5Svg5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3354.NASL", "href": "https://www.tenable.com/plugins/nessus/154064", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3354-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154064);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n\n script_name(english:\"openSUSE 15 Security Update : libqt5-qtsvg (openSUSE-SU-2021:3354-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:3354-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBFMOSZDI3WFGNU3EM54DUBD3HAM2LEV/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9351893b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libQt5Svg5-32bit-5.12.7-3.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libQt5Svg5-5.12.7-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-devel-32bit-5.12.7-3.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-devel-5.12.7-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-examples-5.12.7-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libQt5Svg5 / libQt5Svg5-32bit / libqt5-qtsvg-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-27T14:33:35", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1371-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-10-19T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : libqt5-qtsvg (openSUSE-SU-2021:1371-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3481"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libQt5Svg5", "p-cpe:/a:novell:opensuse:libQt5Svg5-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples", "p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1371.NASL", "href": "https://www.tenable.com/plugins/nessus/154209", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1371-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154209);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3481\");\n\n script_name(english:\"openSUSE 15 Security Update : libqt5-qtsvg (openSUSE-SU-2021:1371-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1371-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184783\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUQQL3BSIDANFVPIE65N7IJDJSBTEPHN/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17760ca7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Svg5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtsvg-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libQt5Svg5-32bit-5.12.7-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libQt5Svg5-5.12.7-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-devel-32bit-5.12.7-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-devel-5.12.7-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-examples-5.12.7-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libqt5-qtsvg-private-headers-devel-5.12.7-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libQt5Svg5 / libQt5Svg5-32bit / libqt5-qtsvg-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T14:39:21", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2895 advisory.\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "Debian DLA-2895-1 : qt4-x11 - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3481", "CVE-2021-45930"], "modified": "2022-08-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libqt4-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dbus", "p-cpe:/a:debian:debian_linux:libqt4-declarative", "p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel", "p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures", "p-cpe:/a:debian:debian_linux:libqt4-declarative-particles", "p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders", "p-cpe:/a:debian:debian_linux:libqt4-designer", "p-cpe:/a:debian:debian_linux:libqt4-designer-dbg", "p-cpe:/a:debian:debian_linux:libqt4-dev", "p-cpe:/a:debian:debian_linux:libqt4-dev-bin", "p-cpe:/a:debian:debian_linux:libqt4-help", "p-cpe:/a:debian:debian_linux:libqt4-network", "p-cpe:/a:debian:debian_linux:libqt4-opengl", "p-cpe:/a:debian:debian_linux:libqt4-opengl-dev", "p-cpe:/a:debian:debian_linux:libqt4-phonon", "p-cpe:/a:debian:debian_linux:libqt4-qt3support", "p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg", "p-cpe:/a:debian:debian_linux:libqt4-script", "p-cpe:/a:debian:debian_linux:libqt4-script-dbg", "p-cpe:/a:debian:debian_linux:libqt4-scripttools", "p-cpe:/a:debian:debian_linux:libqt4-sql", "p-cpe:/a:debian:debian_linux:libqt4-sql-ibase", "p-cpe:/a:debian:debian_linux:libqt4-sql-mysql", "p-cpe:/a:debian:debian_linux:libqt4-sql-odbc", "p-cpe:/a:debian:debian_linux:libqt4-sql-psql", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite", "p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2", "p-cpe:/a:debian:debian_linux:libqt4-sql-tds", "p-cpe:/a:debian:debian_linux:libqt4-svg", "p-cpe:/a:debian:debian_linux:libqt4-test", "p-cpe:/a:debian:debian_linux:libqt4-xml", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns", "p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg", "p-cpe:/a:debian:debian_linux:libqtcore4", "p-cpe:/a:debian:debian_linux:libqtdbus4", "p-cpe:/a:debian:debian_linux:libqtgui4", "p-cpe:/a:debian:debian_linux:qdbus", "p-cpe:/a:debian:debian_linux:qt4-bin-dbg", "p-cpe:/a:debian:debian_linux:qt4-default", "p-cpe:/a:debian:debian_linux:qt4-demos", "p-cpe:/a:debian:debian_linux:qt4-demos-dbg", "p-cpe:/a:debian:debian_linux:qt4-designer", "p-cpe:/a:debian:debian_linux:qt4-dev-tools", "p-cpe:/a:debian:debian_linux:qt4-doc", "p-cpe:/a:debian:debian_linux:qt4-doc-html", "p-cpe:/a:debian:debian_linux:qt4-linguist-tools", "p-cpe:/a:debian:debian_linux:qt4-qmake", "p-cpe:/a:debian:debian_linux:qt4-qmlviewer", "p-cpe:/a:debian:debian_linux:qt4-qtconfig", "p-cpe:/a:debian:debian_linux:qtcore4-l10n", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2895.NASL", "href": "https://www.tenable.com/plugins/nessus/157047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2895. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157047);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/25\");\n\n script_cve_id(\"CVE-2021-3481\", \"CVE-2021-45930\");\n\n script_name(english:\"Debian DLA-2895-1 : qt4-x11 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2895 advisory.\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in\n QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and\n QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/qt4-x11\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/qt4-x11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the qt4-x11 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 4\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45930\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-folderlistmodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-gestures\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-particles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-declarative-shaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-designer-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-opengl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-phonon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-qt3support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-script-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-scripttools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-ibase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-sql-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-svg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt4-xmlpatterns-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtcore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtdbus4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqtgui4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qdbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-bin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-demos-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-designer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-dev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-linguist-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qmlviewer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qt4-qtconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtcore4-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libqt4-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-dbus', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-declarative', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-declarative-folderlistmodel', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-declarative-gestures', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-declarative-particles', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-declarative-shaders', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-designer', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-designer-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-dev', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-dev-bin', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-help', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-network', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-opengl', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-opengl-dev', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-phonon', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-qt3support', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-qt3support-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-script', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-script-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-scripttools', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-ibase', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-mysql', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-odbc', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-psql', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-sqlite', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-sqlite2', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-sql-tds', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-svg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-test', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-xml', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-xmlpatterns', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqt4-xmlpatterns-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqtcore4', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqtdbus4', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'libqtgui4', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qdbus', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-bin-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-default', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-demos', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-demos-dbg', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-designer', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-dev-tools', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-doc', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-doc-html', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-linguist-tools', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-qmake', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-qmlviewer', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qt4-qtconfig', 'reference': '4:4.8.7+dfsg-11+deb9u3'},\n {'release': '9.0', 'prefix': 'qtcore4-l10n', 'reference': '4:4.8.7+dfsg-11+deb9u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libqt4-dbg / libqt4-dbus / libqt4-declarative / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:52:35", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4155-1 advisory.\n\n - An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. (CVE-2020-17507)\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2021:4155-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17507", "CVE-2021-3481"], "modified": "2022-08-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libqt4", "p-cpe:/a:novell:suse_linux:libqt4-32bit", "p-cpe:/a:novell:suse_linux:libqt4-devel", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc", "p-cpe:/a:novell:suse_linux:libqt4-devel-doc-data", "p-cpe:/a:novell:suse_linux:libqt4-linguist", "p-cpe:/a:novell:suse_linux:libqt4-private-headers-devel", "p-cpe:/a:novell:suse_linux:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:libqt4-sql", "p-cpe:/a:novell:suse_linux:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC", "p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:suse_linux:libqt4-x11", "p-cpe:/a:novell:suse_linux:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:qt4-x11-tools", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-4155-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156285", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:4155-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156285);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/25\");\n\n script_cve_id(\"CVE-2020-17507\", \"CVE-2021-3481\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:4155-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2021:4155-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:4155-1 advisory.\n\n - An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in\n gui/image/qxbmhandler.cpp has a buffer over-read. (CVE-2020-17507)\n\n - qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184783\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009927.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0532df3f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-17507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3481\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17507\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libqt4-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-qt3support-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-qt3support-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-sql-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-sql-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-sql-mysql-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-sql-sqlite-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-x11-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-x11-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'qt4-x11-tools-4.8.7-8.16.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libqt4-devel-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-devel-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-devel-doc-4.8.7-8.16.2', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-devel-doc-4.8.7-8.16.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-devel-doc-data-4.8.7-8.16.2', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-devel-doc-data-4.8.7-8.16.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-linguist-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-linguist-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-private-headers-devel-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-private-headers-devel-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-postgresql-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-postgresql-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-postgresql-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-postgresql-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-4.8.7-8.16.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libqt4-sql-mysql-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-mysql-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-postgresql-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-postgresql-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-postgresql-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-postgresql-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-sqlite-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-sqlite-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-32bit-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-sql-unixODBC-4.8.7-8.16.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-12.5'},\n {'reference':'libqt4-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-qt3support-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-qt3support-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-sql-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-sql-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-sql-mysql-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-sql-sqlite-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-x11-32bit-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libqt4-x11-4.8.7-8.16.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'qt4-x11-tools-4.8.7-8.16.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libqt4 / libqt4-32bit / libqt4-devel / libqt4-devel-doc / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:34:21", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2885 advisory.\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-23T00:00:00", "type": "nessus", "title": "Debian DLA-2885-1 : qtsvg-opensource-src - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3481", "CVE-2021-45930"], "modified": "2022-08-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libqt5svg5", "p-cpe:/a:debian:debian_linux:libqt5svg5-dev", "p-cpe:/a:debian:debian_linux:qtsvg5-dbg", "p-cpe:/a:debian:debian_linux:qtsvg5-doc", "p-cpe:/a:debian:debian_linux:qtsvg5-doc-html", "p-cpe:/a:debian:debian_linux:qtsvg5-examples", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2885.NASL", "href": "https://www.tenable.com/plugins/nessus/156964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2885. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156964);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/25\");\n\n script_cve_id(\"CVE-2021-3481\", \"CVE-2021-45930\");\n\n script_name(english:\"Debian DLA-2885-1 : qtsvg-opensource-src - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2885 advisory.\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in\n QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and\n QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986798\");\n # https://security-tracker.debian.org/tracker/source-package/qtsvg-opensource-src\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de7057e6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/qtsvg-opensource-src\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the qtsvg-opensource-src packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 5.7.1~20161021-2.1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45930\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqt5svg5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtsvg5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtsvg5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtsvg5-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qtsvg5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libqt5svg5', 'reference': '5.7.1~20161021-2.1+deb9u1'},\n {'release': '9.0', 'prefix': 'libqt5svg5-dev', 'reference': '5.7.1~20161021-2.1+deb9u1'},\n {'release': '9.0', 'prefix': 'qtsvg5-dbg', 'reference': '5.7.1~20161021-2.1+deb9u1'},\n {'release': '9.0', 'prefix': 'qtsvg5-doc', 'reference': '5.7.1~20161021-2.1+deb9u1'},\n {'release': '9.0', 'prefix': 'qtsvg5-doc-html', 'reference': '5.7.1~20161021-2.1+deb9u1'},\n {'release': '9.0', 'prefix': 'qtsvg5-examples', 'reference': '5.7.1~20161021-2.1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libqt5svg5 / libqt5svg5-dev / qtsvg5-dbg / qtsvg5-doc / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:35:35", "description": "The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5241-1 advisory.\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. (CVE-2018-19869)\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-20T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : QtSvg vulnerabilities (USN-5241-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19869", "CVE-2021-3481", "CVE-2021-45930"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libqt5svg5", "p-cpe:/a:canonical:ubuntu_linux:libqt5svg5-dev", "p-cpe:/a:canonical:ubuntu_linux:qtsvg5-examples"], "id": "UBUNTU_USN-5241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156880", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5241-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156880);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2018-19869\", \"CVE-2021-3481\", \"CVE-2021-45930\");\n script_xref(name:\"USN\", value:\"5241-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : QtSvg vulnerabilities (USN-5241-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5241-1 advisory.\n\n - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in\n qsvghandler.cpp. (CVE-2018-19869)\n\n - Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in\n QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and\n QPathClipper::intersect). (CVE-2021-45930)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5241-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libqt5svg5, libqt5svg5-dev and / or qtsvg5-examples packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45930\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3481\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5svg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5svg5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qtsvg5-examples\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libqt5svg5', 'pkgver': '5.9.5-0ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'libqt5svg5-dev', 'pkgver': '5.9.5-0ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'qtsvg5-examples', 'pkgver': '5.9.5-0ubuntu1.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libqt5svg5 / libqt5svg5-dev / qtsvg5-examples');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2022-08-25T06:22:34", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2885-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nJanuary 17, 2022 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : qtsvg-opensource-src\nVersion : 5.7.1~20161021-2.1+deb9u1\nCVE ID : CVE-2021-3481 CVE-2021-45930\nDebian Bug : 986798 1002991\n\nMultiple out-of-bounds error were discovered in qtsvg-opensource-src.\nThe highest threat from CVE-2021-3481 (at least) is to data\nconfidentiality the application availability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n5.7.1~20161021-2.1+deb9u1.\n\nWe recommend that you upgrade your qtsvg-opensource-src packages.\n\nFor the detailed security status of qtsvg-opensource-src please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qtsvg-opensource-src\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-23T20:47:44", "type": "debian", "title": "[SECURITY] [DLA 2885-1] qtsvg-opensource-src security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3481", "CVE-2021-45930"], "modified": "2022-01-23T20:47:44", "id": "DEBIAN:DLA-2885-1:0A4E0", "href": "https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-25T06:22:32", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2895-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nJanuary 24, 2022 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : qt4-x11\nVersion : 4:4.8.7+dfsg-11+deb9u3\nCVE ID : CVE-2021-3481 CVE-2021-45930\nDebian Bug : 986798 1002991\n\nMultiple out-of-bounds error were discovered in qt4-x11.\nThe highest threat from CVE-2021-3481 (at least) is to data\nconfidentiality the application availability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4:4.8.7+dfsg-11+deb9u3.\n\nWe recommend that you upgrade your qt4-x11 packages.\n\nFor the detailed security status of qt4-x11 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qt4-x11\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-24T17:33:30", "type": "debian", "title": "[SECURITY] [DLA 2895-1] qt4-x11 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3481", "CVE-2021-45930"], "modified": "2022-01-24T17:33:30", "id": "DEBIAN:DLA-2895-1:B4895", "href": "https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:19:19", "description": "\nMultiple out-of-bounds error were discovered in qt4-x11.\nThe highest threat from [CVE-2021-3481](https://security-tracker.debian.org/tracker/CVE-2021-3481) (at least) is to data\nconfidentiality the application availability.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4:4.8.7+dfsg-11+deb9u3.\n\n\nWe recommend that you upgrade your qt4-x11 packages.\n\n\nFor the detailed security status of qt4-x11 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/qt4-x11>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-24T00:00:00", "type": "osv", "title": "qt4-x11 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45930", "CVE-2021-3481"], "modified": "2022-08-05T05:19:17", "id": "OSV:DLA-2895-1", "href": "https://osv.dev/vulnerability/DLA-2895-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:19:18", "description": "\nMultiple out-of-bounds error were discovered in qtsvg-opensource-src.\nThe highest threat from [CVE-2021-3481](https://security-tracker.debian.org/tracker/CVE-2021-3481) (at least) is to data\nconfidentiality the application availability.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n5.7.1~20161021-2.1+deb9u1.\n\n\nWe recommend that you upgrade your qtsvg-opensource-src packages.\n\n\nFor the detailed security status of qtsvg-opensource-src please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/qtsvg-opensource-src>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-24T00:00:00", "type": "osv", "title": "qtsvg-opensource-src - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45930", "CVE-2021-3481"], "modified": "2022-08-05T05:19:16", "id": "OSV:DLA-2885-1", "href": "https://osv.dev/vulnerability/DLA-2885-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:16:48", "description": "## Releases\n\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * qtsvg-opensource-src \\- Qt 5 SVG module\n\nIt was discovered that QtSvg incorrectly handled certain malformed SVG \nimages. If a user or automated system were tricked into opening a specially \ncrafted image file, a remote attacker could use this issue to cause QtSvg \nto crash, resulting in a denial of service, or possibly execute arbitrary \ncode.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2022-01-19T00:00:00", "type": "ubuntu", "title": "QtSvg vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19869", "CVE-2021-3481", "CVE-2021-45930"], "modified": "2022-01-19T00:00:00", "id": "USN-5241-1", "href": "https://ubuntu.com/security/notices/USN-5241-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}