CVE-2014-0190 - NULL Pointer Dereference vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-6083.NASL
description: New upstream stable bugfix release, as well as a fix for: DoS vulnerability in the GIF image handler (QTBUG-38367). See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-05-25
plugin id: 74165
published: 2014-05-25
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74165
title: Fedora 19 : qt-4.8.6-5.fc19 (2014-6083)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6083.
#

include("compat.inc");

if (description)
{
  script_id(74165);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0190");
  script_bugtraq_id(67087);
  script_xref(name:"FEDORA", value:"2014-6083");

  script_name(english:"Fedora 19 : qt-4.8.6-5.fc19 (2014-6083)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "New upstream stable bugfix release, as well as a fix for : DoS vulnerability in the GIF image handler (QTBUG-38367). See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?932c61c6"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088142"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133633.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?31256464"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"qt-4.8.6-5.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt");
}

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-6003.NASL
description:
- Update to 4.8.6
- Fix DoS vulnerability in the GIF image handler (QTBUG-38367)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-05-14
plugin id: 74001
published: 2014-05-14
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74001
title: Fedora 20 : mingw-qt-4.8.6-1.fc20 (2014-6003)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6003.
#

include("compat.inc");

if (description)
{
  script_id(74001);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0190");
  script_xref(name:"FEDORA", value:"2014-6003");

  script_name(english:"Fedora 20 : mingw-qt-4.8.6-1.fc20 (2014-6003)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: " - Update to 4.8.6 - Fix DoS vulnerability in the GIF image handler (QTBUG-38367) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1092836"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133278.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e3986f5f"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mingw-qt package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-qt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"mingw-qt-4.8.6-1.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-qt");
}

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-6028.NASL
description:
- Update to 4.8.6
- Fix DoS vulnerability in the GIF image handler (QTBUG-38367)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-05-14
plugin id: 74002
published: 2014-05-14
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74002
title: Fedora 19 : mingw-qt-4.8.6-1.fc19 (2014-6028)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6028.
#

include("compat.inc");

if (description)
{
  script_id(74002);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0190");
  script_xref(name:"FEDORA", value:"2014-6028");

  script_name(english:"Fedora 19 : mingw-qt-4.8.6-1.fc19 (2014-6028)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: " - Update to 4.8.6 - Fix DoS vulnerability in the GIF image handler (QTBUG-38367) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1092836"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133279.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e07b6f2e"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mingw-qt package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-qt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"mingw-qt-4.8.6-1.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-qt");
}

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-6922.NASL
description: This update fixes a DoS in the Qt 3 GIF image handler (CVE-2014-0190, QTBUG-38367), through a patch backported from Qt 4. It also fixes the path settings in qt.sh for ppc64le, and in qt.csh for both ppc64 and ppc64le. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-06-10
plugin id: 74409
published: 2014-06-10
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/74409
title: Fedora 20 : qt3-3.3.8b-58.fc20 (2014-6922)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6922.
#

include("compat.inc");

if (description)
{
  script_id(74409);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0190");
  script_bugtraq_id(67087);
  script_xref(name:"FEDORA", value:"2014-6922");

  script_name(english:"Fedora 20 : qt3-3.3.8b-58.fc20 (2014-6922)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update fixes a DoS in the Qt 3 GIF image handler (CVE-2014-0190, QTBUG-38367), through a patch backported from Qt 4. It also fixes the path settings in qt.sh for ppc64le, and in qt.csh for both ppc64 and ppc64le. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?557c998a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"qt3-3.3.8b-58.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt3");
}

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-251.NASL
description: KDE and QT were updated to fix security issues and bugs. The following vulnerabilities were fixed:
- CVE-2014-0190: Malformed GIF files could have crashed QT based applications
- CVE-2015-0295: Malformed BMP files could have crashed QT based applications
- CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
- CVE-2014-8483: A missing size check in the Blowfish ECB could have led to a crash of Konversation or 11 byte information leak
- CVE-2014-3494: The KMail POP3 kioslave accepted invalid certificates and allowed a man-in-the-middle (MITM) attack
Additionally, Konversation was updated to 1.5.1 to fix bugs.
last seen: 2020-06-05
modified: 2015-03-24
plugin id: 82014
published: 2015-03-24
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82014
title: openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-251.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(82014);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2014-0190", "CVE-2014-3494", "CVE-2014-8483", "CVE-2014-8600", "CVE-2015-0295");

  script_name(english:"openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)");
  script_summary(english:"Check for the openSUSE-2015-251 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "KDE and QT were updated to fix security issues and bugs. The following vulerabilities were fixed : - CVE-2014-0190: Malformed GIF files could have crashed QT based applications - CVE-2015-0295: Malformed BMP files could have crashed QT based applications - CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes - CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak - CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack Additionally, Konversation was updated to 1.5.1 to fix bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=875470"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=883374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=902670"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905742"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=921999"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kdebase4-runtime / kdelibs4 / konversation / etc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-runtime-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-runtime-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-runtime-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdebase4-runtime-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-apidocs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kdelibs4-doc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwebkitpart");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwebkitpart-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwebkitpart-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kwebkitpart-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkde4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkde4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkde4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkde4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkde4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libkdecore4-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksuseinstall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksuseinstall1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksuseinstall1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libksuseinstall1-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-linguist");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:plasma-theme-oxygen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt4-x11-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"kdebase4-runtime-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdebase4-runtime-branding-upstream-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdebase4-runtime-debuginfo-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdebase4-runtime-debugsource-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdebase4-runtime-devel-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-apidocs-4.11.5-488.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-branding-upstream-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-core-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-core-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-debugsource-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kdelibs4-doc-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"konversation-1.5.1-3.4.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"konversation-debuginfo-1.5.1-3.4.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"konversation-debugsource-1.5.1-3.4.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"konversation-lang-1.5.1-3.4.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kwebkitpart-1.3.3-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kwebkitpart-debuginfo-1.3.3-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kwebkitpart-debugsource-1.3.3-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"kwebkitpart-lang-1.3.3-2.4.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkde4-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkde4-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkde4-devel-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkdecore4-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkdecore4-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkdecore4-devel-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libkdecore4-devel-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libksuseinstall-devel-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libksuseinstall1-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libksuseinstall1-debuginfo-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-debugsource-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-devel-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-devel-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-devel-doc-data-4.8.5-5.17.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-devel-doc-debuginfo-4.8.5-5.17.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-devel-doc-debugsource-4.8.5-5.17.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-linguist-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-linguist-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-private-headers-devel-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-qt3support-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-qt3support-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-mysql-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-mysql-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-plugins-debugsource-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-postgresql-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-postgresql-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-sqlite-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-sqlite-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-unixODBC-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-sql-unixODBC-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-x11-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libqt4-x11-debuginfo-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"plasma-theme-oxygen-4.11.5-482.6") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"qt4-x11-tools-4.8.5-5.17.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"qt4-x11-tools-debuginfo-4.8.5-5.17.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libkde4-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libkde4-debuginfo-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libkdecore4-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libkdecore4-debuginfo-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libksuseinstall1-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libksuseinstall1-debuginfo-32bit-4.11.5-488.2") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-32bit-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-debuginfo-32bit-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-qt3support-32bit-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-qt3support-debuginfo-32bit-4.8.5-5.17.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64",
reference:"libqt4-sql-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-mysql-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-mysql-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-postgresql-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-postgresql-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-sqlite-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-sqlite-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-unixODBC-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-sql-unixODBC-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-x11-32bit-4.8.5-5.17.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libqt4-x11-debuginfo-32bit-4.8.5-5.17.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdebase4-runtime / kdebase4-runtime-branding-upstream / etc"); }
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-2626-1.NASL
description Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190)
Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. (CVE-2015-0295)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1858)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed ICO images. If a user or automated system were tricked into opening a specially crafted ICO image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1859)
Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1860).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 83989
published 2015-06-04
reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/83989
title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2626-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83989);
  script_version("2.9");
  script_cvs_date("Date: 2019/09/18 12:31:44");

  script_cve_id("CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860");
  script_bugtraq_id(67087, 73029, 74302, 74307, 74309, 74310);
  script_xref(name:"USN", value:"2626-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0190) Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. (CVE-2015-0295) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1858) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed ICO images. If a user or automated system were tricked into opening a specially crafted ICO image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1859) Richard Moore and Fabian Vogt discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-1860). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2626-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libqt5gui5 and / or libqtgui4 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt5gui5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtgui4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"libqtgui4", pkgver:"4:4.8.1-0ubuntu4.9")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libqt5gui5", pkgver:"5.2.1+dfsg-1ubuntu14.3")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libqtgui4", pkgver:"4:4.8.5+git192-g085f851+dfsg-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"libqt5gui5", pkgver:"5.3.0+dfsg-2ubuntu9.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"libqtgui4", pkgver:"4:4.8.6+git49-gbc62005+dfsg-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"libqt5gui5", pkgver:"5.4.1+dfsg-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"15.04", pkgname:"libqtgui4", pkgver:"4:4.8.6+git64-g5dc8b2b+dfsg-3~ubuntu6.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libqt5gui5 / libqtgui4");
}

NASL family Fedora Local Security Checks
NASL id FEDORA_2014-5695.NASL
description New upstream stable bugfix release, as well as a fix for :
- DoS vulnerability in the GIF image handler (QTBUG-38367)
See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-05-02
plugin id 73817
published 2014-05-02
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/73817
title Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-5695.
#

include("compat.inc");

if (description)
{
  script_id(73817);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-4549", "CVE-2014-0190");
  script_bugtraq_id(67087);
  script_xref(name:"FEDORA", value:"2014-5695");

  script_name(english:"Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"New upstream stable bugfix release, as well as a fix for : - DoS vulnerability in the GIF image handler (QTBUG-38367) See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?932c61c6"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1088142"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7d2a9302"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"qt-4.8.6-2.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt");
}

NASL family Fedora Local Security Checks
NASL id FEDORA_2014-5988.NASL
description Fix invalid reference to qtmain when using CMake (RHBZ #1092465) Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-05-14
plugin id 73999
published 2014-05-14
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/73999
title Fedora 20 : mingw-qt5-qtbase-5.2.1-3.fc20 (2014-5988)

NASL family Fedora Local Security Checks
NASL id FEDORA_2014-5999.NASL
description
- Fix invalid reference to qtmain when using CMake (RHBZ #1092465)
- Fix DoS vulnerability in the GIF image handler (QTBUG-38367, RHBZ #1092837)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-05-14
plugin id 74000
published 2014-05-14
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/74000
title Fedora 19 : mingw-qt5-qtbase-5.2.1-3.fc19 (2014-5999)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-2381.NASL
description According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)
- An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)
- QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)
- An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)
- Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)
- Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)
- Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)
- The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295)
- The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-08
modified 2019-12-10
plugin id 131873
published 2019-12-10
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/131873
title EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)

NASL family Fedora Local Security Checks
NASL id FEDORA_2014-6896.NASL
description This update fixes a DoS in the Qt 3 GIF image handler (CVE-2014-0190, QTBUG-38367), through a patch backported from Qt 4. It also fixes the path settings in qt.sh for ppc64le, and in qt.csh for both ppc64 and ppc64le.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2014-06-10
plugin id 74405
published 2014-06-10
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/74405
title Fedora 19 : qt3-3.3.8b-58.fc19 (2014-6896)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201412-25.NASL
description The remote host is affected by the vulnerability described in GLSA-201412-25 (QtGui: Denial of Service)
A NULL pointer dereference has been found in QtGui.
Impact : A remote attacker could send a specially crafted GIF image, possibly resulting in a Denial of Service condition.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 79978
published 2014-12-15
reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/79978
title GLSA-201412-25 : QtGui: Denial of Service

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_904D78B80F7E11E48B715453ED2E2B49.NASL
description Richard J. Moore reports : The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a NULL pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash.
last seen 2020-06-01
modified 2020-06-02
plugin id 76615
published 2014-07-21
reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/76615
title FreeBSD : qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler (904d78b8-0f7e-11e4-8b71-5453ed2e2b49)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-2656.NASL
description According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)
- An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)
- Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)
- Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)
- Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)
- QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)
- QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)
- The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295)
- The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-08
modified 2019-12-18
plugin id 132191
published 2019-12-18
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/132191
title EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)

References
- https://bugs.kde.org/show_bug.cgi?id=333404
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
- http://lists.qt-project.org/pipermail/announce/2014-April/000045.html
- http://www.securityfocus.com/bid/67087
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://www.ubuntu.com/usn/USN-2626-1