Fedora 13 : qt-4.6.2-8.fc13 (2010-4521)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

This update fixes several WebKit security issues: * CVE-2010-0046: CSS
format() argument memory corruption * CVE-2010-0049: Use of free()d
line boxes in mixed LTR/RTL text * CVE-2010-0050: Crash at HTMLParser
after handling misnested style tags * CVE-2010-0051 (CVE-2010-0651):
Remote information disclosure * CVE-2010-0052: Cached page can result
in accessing a destroyed HTMLInputElement

- CVE-2010-0054: Use of stale HTMLImageElement pointer
This update includes bugfixes: * fixes the build on
SPARC64 and possibly some other non-x86 64-bit
platforms, * makes tablet detection work with the new
wacom drivers, * makes the QtMultimedia low-level sound
API work (by enabling the ALSA backend), and new
features: * adds Provides for qt-assistant-adp and
qt-assistant-adp-devel in preparation for an upcoming
package split.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=570349
http://www.nessus.org/u?90baa22e

Solution :

Update the affected qt package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 47364 (fedora_2010-4521.nasl)

Bugtraq ID: 38684
38685
38686
38689
38691
38692

CVE ID: CVE-2010-0046
CVE-2010-0047
CVE-2010-0048
CVE-2010-0049
CVE-2010-0050
CVE-2010-0052
CVE-2010-0053
CVE-2010-0054

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now