Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qt4-x11, qtbase-opensource-src vulnerabilities (USN-2626-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Wolfgang Schenk discovered that Qt incorrectly handled certain
malformed GIF images. If a user or automated system were tricked into
opening a specially crafted GIF image, a remote attacker could use
this issue to cause Qt to crash, resulting in a denial of service.
This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-0190)

Fabian Vogt discovered that Qt incorrectly handled certain malformed
BMP images. If a user or automated system were tricked into opening a
specially crafted BMP image, a remote attacker could use this issue to
cause Qt to crash, resulting in a denial of service. (CVE-2015-0295)

Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed BMP images. If a user or automated system were
tricked into opening a specially crafted BMP image, a remote attacker
could use this issue to cause Qt to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2015-1858)

Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed ICO images. If a user or automated system were
tricked into opening a specially crafted ICO image, a remote attacker
could use this issue to cause Qt to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2015-1859)

Richard Moore and Fabian Vogt discovered that Qt incorrectly handled
certain malformed GIF images. If a user or automated system were
tricked into opening a specially crafted GIF image, a remote attacker
could use this issue to cause Qt to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2015-1860).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libqt5gui5 and / or libqtgui4 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 83989 ()

Bugtraq ID: 67087
73029
74302
74307
74309
74310

CVE ID: CVE-2014-0190
CVE-2015-0295
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now