Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0263
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0263)
Summary:	The remote host is missing an update for the 'qt3' package(s) announced via the MGASA-2014-0263 advisory.
Description:	Summary: The remote host is missing an update for the 'qt3' package(s) announced via the MGASA-2014-0263 advisory. Vulnerability Insight: Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549). A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190). Affected Software/OS: 'qt3' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4549 56008 http://secunia.com/advisories/56008 56166 http://secunia.com/advisories/56166 FEDORA-2014-5695 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html USN-2057-1 http://www.ubuntu.com/usn/USN-2057-1 [qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion Denial of Service http://lists.qt-project.org/pipermail/announce/2013-December/000036.html http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/ https://codereview.qt-project.org/#change%2C71010 https://codereview.qt-project.org/#change%2C71368 openSUSE-SU-2014:0067 http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html openSUSE-SU-2014:0070 http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html openSUSE-SU-2014:0125 http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html openSUSE-SU-2014:0173 http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html openSUSE-SU-2014:0176 http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0190 67087 http://www.securityfocus.com/bid/67087 FEDORA-2014-6896 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html FEDORA-2014-6922 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html USN-2626-1 http://www.ubuntu.com/usn/USN-2626-1 [Announce] 20140424 Qt Security Advisory: DoS vulnerability in the GIF image handler http://lists.qt-project.org/pipermail/announce/2014-April/000045.html https://bugs.kde.org/show_bug.cgi?id=333404 openSUSE-SU-2015:0573 http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.