Test ID:	1.3.6.1.4.1.25623.1.1.4.2013.0457.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2013:0457-1)
Summary:	The remote host is missing an update for the 'libqt4' package(s) announced via the SUSE-SU-2013:0457-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libqt4' package(s) announced via the SUSE-SU-2013:0457-1 advisory. Vulnerability Insight: libqt4 has been updated to fix several security issues. * An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user (CVE-2013-0254). * openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) * Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied: * Add fix for qdbusviewer not matching args (bnc#784197) Security Issue reference: * CVE-2013-0254 > Affected Software/OS: 'libqt4' package(s) on SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP2. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6093 52217 http://secunia.com/advisories/52217 USN-1723-1 http://www.ubuntu.com/usn/USN-1723-1 [Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails http://lists.qt-project.org/pipermail/announce/2013-January/000020.html [oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails http://www.openwall.com/lists/oss-security/2013/01/04/6 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29 http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29 https://bugzilla.redhat.com/show_bug.cgi?id=891955 https://codereview.qt-project.org/#change%2C42461 openSUSE-SU-2013:0204 http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html openSUSE-SU-2013:0211 http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html openSUSE-SU-2013:0256 http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0254 http://lists.qt-project.org/pipermail/announce/2013-February/000023.html RedHat Security Advisories: RHSA-2013:0669 http://rhn.redhat.com/errata/RHSA-2013-0669.html SuSE Security Announcement: openSUSE-SU-2013:0403 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html SuSE Security Announcement: openSUSE-SU-2013:0404 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:0411 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-03/msg00019.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.