SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libqt5-qtbase (SUSE-SU-2023:2982-1)

Medium Nessus Plugin ID 178929

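Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2982-1 advisory.

- Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. (CVE-2023-24607)

- An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. (CVE-2023-32762)

- An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. (CVE-2023-32763)

- An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. (CVE-2023-33285)

- An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. (CVE-2023-34410)

- An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. (CVE-2023-38197)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also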

https://bugzilla.suse.com/1209616

https://bugzilla.suse.com/1211024

https://bugzilla.suse.com/1211642

https://bugzilla.suse.com/1211797

https://bugzilla.suse.com/1211798

https://bugzilla.suse.com/1211994

https://bugzilla.suse.com/1213326

http://www.nessus.org/u?efe6b543

https://www.suse.com/security/cve/CVE-2023-24607

https://www.suse.com/security/cve/CVE-2023-32762

https://www.suse.com/security/cve/CVE-2023-32763

https://www.suse.com/security/cve/CVE-2023-33285

https://www.suse.com/security/cve/CVE-2023-34410

https://www.suse.com/security/cve/CVE-2023-38197

Plugin Details

Severity: Medium

ID: 178929

File Name: suse_SU-2023-2982-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 7/27/2023

Updated: 7/27/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2023-34410

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libqt5concurrent-devel, p-cpe:/a:novell:suse_linux:libqt5concurrent5, p-cpe:/a:novell:suse_linux:libqt5core-devel, p-cpe:/a:novell:suse_linux:libqt5core-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5core5, p-cpe:/a:novell:suse_linux:libqt5dbus-devel, p-cpe:/a:novell:suse_linux:libqt5dbus-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5dbus5, p-cpe:/a:novell:suse_linux:libqt5gui-devel, p-cpe:/a:novell:suse_linux:libqt5gui-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5gui5, p-cpe:/a:novell:suse_linux:libqt5kmssupport-devel-static, p-cpe:/a:novell:suse_linux:libqt5kmssupport-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5network-devel, p-cpe:/a:novell:suse_linux:libqt5network-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5network5, p-cpe:/a:novell:suse_linux:libqt5opengl-devel, p-cpe:/a:novell:suse_linux:libqt5opengl-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5opengl5, p-cpe:/a:novell:suse_linux:libqt5openglextensions-devel-static, p-cpe:/a:novell:suse_linux:libqt5platformheaders-devel, p-cpe:/a:novell:suse_linux:libqt5platformsupport-devel-static, p-cpe:/a:novell:suse_linux:libqt5platformsupport-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5printsupport-devel, p-cpe:/a:novell:suse_linux:libqt5printsupport-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5printsupport5, p-cpe:/a:novell:suse_linux:libqt5sql-devel, p-cpe:/a:novell:suse_linux:libqt5sql-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5sql5, p-cpe:/a:novell:suse_linux:libqt5sql5-mysql, p-cpe:/a:novell:suse_linux:libqt5sql5-postgresql, p-cpe:/a:novell:suse_linux:libqt5sql5-sqlite, p-cpe:/a:novell:suse_linux:libqt5sql5-unixodbc, p-cpe:/a:novell:suse_linux:libqt5test-devel, p-cpe:/a:novell:suse_linux:libqt5test-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5test5, p-cpe:/a:novell:suse_linux:libqt5widgets-devel, p-cpe:/a:novell:suse_linux:libqt5widgets-private-headers-devel, p-cpe:/a:novell:suse_linux:libqt5widgets5, p-cpe:/a:novell:suse_linux:libqt5xml-devel, p-cpe:/a:novell:suse_linux:libqt5xml5, p-cpe:/a:novell:suse_linux:libqt5-qtbase-common-devel, p-cpe:/a:novell:suse_linux:libqt5-qtbase-devel, p-cpe:/a:novell:suse_linux:libqt5-qtbase-platformtheme-gtk3, p-cpe:/a:novell:suse_linux:libqt5-qtbase-private-headers-devel, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/26/2023

Vulnerability Publication Date: 4/15/2023

Reference Information

CVE: CVE-2023-24607, CVE-2023-32762, CVE-2023-32763, CVE-2023-33285, CVE-2023-34410, CVE-2023-38197

SuSE: SUSE-SU-2023:2982-1
