Test ID:	1.3.6.1.4.1.25623.1.0.841319
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1723-1)
Summary:	The remote host is missing an update for the 'qt4-x11' package(s) announced via the USN-1723-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qt4-x11' package(s) announced via the USN-1723-1 advisory. Vulnerability Insight: Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624) Stephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093) Tim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254) Affected Software/OS: 'qt4-x11' package(s) on Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5624 https://bugzilla.redhat.com/show_bug.cgi?id=883415 http://lists.qt-project.org/pipermail/announce/2012-November/000014.html http://www.openwall.com/lists/oss-security/2012/12/04/8 http://secunia.com/advisories/52217 SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0154 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html http://www.ubuntu.com/usn/USN-1723-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6093 52217 USN-1723-1 [Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails http://lists.qt-project.org/pipermail/announce/2013-January/000020.html [oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails http://www.openwall.com/lists/oss-security/2013/01/04/6 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 https://bugzilla.redhat.com/show_bug.cgi?id=891955 https://codereview.qt-project.org/#change%2C42461 openSUSE-SU-2013:0204 http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html openSUSE-SU-2013:0211 http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html openSUSE-SU-2013:0256 http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0254 http://lists.qt-project.org/pipermail/announce/2013-February/000023.html RedHat Security Advisories: RHSA-2013:0669 http://rhn.redhat.com/errata/RHSA-2013-0669.html SuSE Security Announcement: openSUSE-SU-2013:0403 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html SuSE Security Announcement: openSUSE-SU-2013:0404 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:0411 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.