oval:org.mitre.oval:def:6923

Definition Id: oval:org.mitre.oval:def:6923

Oval ID:	oval:org.mitre.oval:def:6923
Title:	DSA-1988 qt4-x11 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems: Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that triggers write access to an "offset of a NULL pointer. Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. WebKit in qt4-x11 does not initialise a pointer during handling of a Cascading Style Sheets attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. WebKit in qt4-x11 does not properly initialise memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. qt4-x11 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution is not affected by these problems.
Family:	unix	Class:	patch
Reference(s):	DSA-1988 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	qt4-x11
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc is earlier than 4.4.3-1+lenny1 AND qt4-doc-html is earlier than 4.4.3-1+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libqtgui4 is earlier than 4.4.3-1+lenny1 AND qt4-dev-tools is earlier than 4.4.3-1+lenny1 AND libqt4-designer is earlier than 4.4.3-1+lenny1 AND libqt4-core is earlier than 4.4.3-1+lenny1 AND libqt4-webkit is earlier than 4.4.3-1+lenny1 AND libqt4-sql-sqlite2 is earlier than 4.4.3-1+lenny1 AND libqt4-svg is earlier than 4.4.3-1+lenny1 AND libqtcore4 is earlier than 4.4.3-1+lenny1 AND qt4-designer is earlier than 4.4.3-1+lenny1 AND qt4-demos is earlier than 4.4.3-1+lenny1 AND libqt4-gui is earlier than 4.4.3-1+lenny1 AND libqt4-help is earlier than 4.4.3-1+lenny1 AND libqt4-dbus is earlier than 4.4.3-1+lenny1 AND libqt4-sql-odbc is earlier than 4.4.3-1+lenny1 AND libqt4-script is earlier than 4.4.3-1+lenny1 AND libqt4-xml is earlier than 4.4.3-1+lenny1 AND libqt4-network is earlier than 4.4.3-1+lenny1 AND libqt4-opengl is earlier than 4.4.3-1+lenny1 AND libqt4-assistant is earlier than 4.4.3-1+lenny1 AND libqt4-dev is earlier than 4.4.3-1+lenny1 AND qt4-qmake is earlier than 4.4.3-1+lenny1 AND libqt4-xmlpatterns-dbg is earlier than 4.4.3-1+lenny1 AND libqt4-qt3support is earlier than 4.4.3-1+lenny1 AND libqt4-sql-mysql is earlier than 4.4.3-1+lenny1 AND libqt4-test is earlier than 4.4.3-1+lenny1 AND libqt4-opengl-dev is earlier than 4.4.3-1+lenny1 AND libqt4-webkit-dbg is earlier than 4.4.3-1+lenny1 AND libqt4-sql-sqlite is earlier than 4.4.3-1+lenny1 AND libqt4-sql is earlier than 4.4.3-1+lenny1 AND libqt4-xmlpatterns is earlier than 4.4.3-1+lenny1 AND libqt4-dbg is earlier than 4.4.3-1+lenny1 AND qt4-qtconfig is earlier than 4.4.3-1+lenny1 AND libqt4-sql-psql is earlier than 4.4.3-1+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is powerpc AND libqt4-sql-ibase is earlier than 4.4.3-1+lenny1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:6923

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0434s

Facebook rss twitter linkedin mail