Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-857-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.66216
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-857-1)
Summary:	The remote host is missing an update for the 'qt4-x11' package(s) announced via the USN-857-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qt4-x11' package(s) announced via the USN-857-1 advisory. Vulnerability Insight: It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712) Affected Software/OS: 'qt4-x11' package(s) on Ubuntu 8.10, Ubuntu 9.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0945 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 34924 http://www.securityfocus.com/bid/34924 Bugtraq: 20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/503594/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1950 (Google Search) http://www.debian.org/security/2009/dsa-1950 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html http://www.zerodayinitiative.com/advisories/ZDI-09-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584 http://www.redhat.com/support/errata/RHSA-2009-1130.html http://www.securitytracker.com/id?1022207 http://secunia.com/advisories/35056 http://secunia.com/advisories/35074 http://secunia.com/advisories/35095 http://secunia.com/advisories/35576 http://secunia.com/advisories/35805 http://secunia.com/advisories/36062 http://secunia.com/advisories/36461 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-822-1 https://usn.ubuntu.com/823-1/ http://www.ubuntu.com/usn/USN-836-1 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1298 http://www.vupen.com/english/advisories/2009/1321 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: safari-webkit-svglist-bo(50477) https://exchange.xforce.ibmcloud.com/vulnerabilities/50477 Common Vulnerability Exposure (CVE) ID: CVE-2009-1687 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html BugTraq ID: 35260 http://www.securityfocus.com/bid/35260 BugTraq ID: 35309 http://www.securityfocus.com/bid/35309 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 http://osvdb.org/54985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260 http://securitytracker.com/id?1022345 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://www.vupen.com/english/advisories/2009/1522 Common Vulnerability Exposure (CVE) ID: CVE-2009-1690 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 http://osvdb.org/54990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009 Common Vulnerability Exposure (CVE) ID: CVE-2009-1698 BugTraq ID: 35318 http://www.securityfocus.com/bid/35318 Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504173/100/0/threaded Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution (Google Search) http://www.securityfocus.com/archive/1/504295/100/0/threaded http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html http://www.zerodayinitiative.com/advisories/ZDI-09-032/ http://osvdb.org/55006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484 http://www.redhat.com/support/errata/RHSA-2009-1128.html http://secunia.com/advisories/35588 Common Vulnerability Exposure (CVE) ID: CVE-2009-1699 BugTraq ID: 35321 http://www.securityfocus.com/bid/35321 https://www.exploit-db.com/exploits/8907 http://scary.beasts.org/security/CESA-2009-006.html http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html http://osvdb.org/54972 Common Vulnerability Exposure (CVE) ID: CVE-2009-1711 BugTraq ID: 35310 http://www.securityfocus.com/bid/35310 http://osvdb.org/55015 XForce ISS Database: safari-attrdom-code-execution(51265) https://exchange.xforce.ibmcloud.com/vulnerabilities/51265 Common Vulnerability Exposure (CVE) ID: CVE-2009-1712 BugTraq ID: 35350 http://www.securityfocus.com/bid/35350 http://osvdb.org/55022 XForce ISS Database: safari-applets-code-execution(51266) https://exchange.xforce.ibmcloud.com/vulnerabilities/51266 Common Vulnerability Exposure (CVE) ID: CVE-2009-1713 http://osvdb.org/54975 XForce ISS Database: safari-document-information-disclosure(51267) https://exchange.xforce.ibmcloud.com/vulnerabilities/51267 Common Vulnerability Exposure (CVE) ID: CVE-2009-1725 http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html BugTraq ID: 35607 http://www.securityfocus.com/bid/35607 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html http://osvdb.org/55739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777 http://www.securitytracker.com/id?1022526 http://secunia.com/advisories/35758 http://secunia.com/advisories/36347 http://secunia.com/advisories/36677 http://www.vupen.com/english/advisories/2009/1827
Copyright	Copyright (C) 2009 Greenbone AG