GLSA-201603-10 : QtGui: Multiple vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201603-10
(QtGui: Multiple vulnerabilities)

Multiple buffer overflow vulnerabilities have been discovered in QtGui.
Remote attackers can construct specially crafted BMP, ICO, or GIF images
that lead to buffer overflows. After successfully overflowing the buffer,
the remote attacker can then cause a Denial of Service or execute
arbitrary code.

Impact :

A remote attacker could possibly execute arbitrary code or cause Denial
of Service.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201603-10

Solution :

All QtGui 4.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-qt/qtgui-4.8.6-r4'

All QtGui 5.4 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-qt/qtgui-5.4.1-r1'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 89903

Bugtraq ID:

CVE ID: CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
