Oracle Linux 8 : qt5 (ELSA-2020-1665)

medium Nessus Plugin ID 180963

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1665 advisory.

python-qt5 [5.13.1-1]
- 5.13.1 Resolves: bz#1775603

qgnomeplatform [0.4-3]
- Rebuild (qt5) Resolves: bz#1774418

qt5 [5.12.5-3]
- Re-add srpm macros, just leave them empty Resolves: bz#1733133

[5.12.5-2]
- Drop srpm macros as we dont ship qtwebengine Resolves: bz#1733133

[5.12.5-1]
- 5.12.5 + sync with Fedora Resolves: bz#1733133

qt5-qt3d [5.12.5-2]
- Fix multilib issue Resolves: bz#1765637

[5.12.5-1]
- 5.12.5 Resolves: bz#1733159

qt5-qtbase [5.12-5-4]
- Fix build on RHEL 7 kernel Resolves: bz#1733135

[5.12-5-2]
- Remove Android specific test to avoid unnecessary dependencies Resolves: bz#1733135

[5.12-5-1]
- 5.12.5 + sync with Fedora Resolves: bz#1733135

qt5-qtcanvas3d [5.12.5-1]
- 5.12.5 Resolves: bz#1733136

qt5-qtconnectivity [5.12.5-1]
- 5.12.5 Resolves: bz#1733137

qt5-qtdeclarative [5.12-5-1]
- 5.12.5 Resolves: bz#1733139

qt5-qtdoc [5.12.5-1]
- 5.12.5 Resolves: bz#1733140

qt5-qtgraphicaleffects [5.12.5-1]
- 5.12.5 Resolves: bz#1733141

qt5-qtimageformats [5.12.5-1]
- 5.12.5 Resolves: bz#1733142

qt5-qtlocation [5.12.5-1]
- 5.12.5 Resolves: bz#1733143

qt5-qtmultimedia [5.12.5-1]
- 5.12.5 Resolves: bz#1733144

qt5-qtquickcontrols2 [5.12.5-1]
- 5.12.5 Resolves: bz#1733146

qt5-qtquickcontrols [5.12.5-1]
- 5.12.5 Resolves: bz#1733145

qt5-qtscript [5.12.5-1]
- 5.12.5 Resolves: bz#1733147

qt5-qtsensors [5.12.5-1]
- 5.12.5 Resolves: bz#1733148

qt5-qtserialbus [5.12.5-1]
- 5.12.5 Resolves: bz#1733149

qt5-qtserialport [5.12.5-1]
- 5.12.5 Resolves: bz#1733150

qt5-qtsvg [5.12.5-1]
- 5.12.5 Resolves: bz#1733151

qt5-qttools [5.12.5-1]
- 5.12.5 Resolves: bz#1733152

qt5-qttranslations [5.12.5-1]
- 5.12.5 Resolves: bz#1733153

qt5-qtwayland [5.12.5-1]
- 5.12.5 Resolves: bz#1733154

qt5-qtwebchannel [5.12.5-1]
- 5.12.5 Resolves: bz#1733155

qt5-qtwebsockets [5.12.5-1]
- 5.12.5 Resolves: bz#1733156

qt5-qtx11extras [5.12.5-1]
- 5.12.5 Resolves: bz#1733158

qt5-qtxmlpatterns [5.12.5-1]
- 5.12.5 Resolves: bz#1733157

sip [4.19.19-1]
- 4.19.19 Resolves: bz#1775604

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2020-1665.html

Plugin Details

Severity: Medium

ID: 180963

File Name: oraclelinux_ELSA-2020-1665.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-19872

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-19871

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:qt5-qtmultimedia-devel, p-cpe:/a:oracle:linux:qt5-qttranslations, p-cpe:/a:oracle:linux:qt5-qtwebchannel-devel, p-cpe:/a:oracle:linux:qt5-qtlocation-examples, p-cpe:/a:oracle:linux:qt5-qtserialport, p-cpe:/a:oracle:linux:qt5-qtbase-private-devel, p-cpe:/a:oracle:linux:qt5-qtsvg, p-cpe:/a:oracle:linux:qt5-assistant, p-cpe:/a:oracle:linux:qt5-qtsensors, p-cpe:/a:oracle:linux:sip, p-cpe:/a:oracle:linux:qt5-qtserialport-examples, p-cpe:/a:oracle:linux:qt5-qtscript-devel, p-cpe:/a:oracle:linux:qgnomeplatform, p-cpe:/a:oracle:linux:qt5-qtdoc, p-cpe:/a:oracle:linux:qt5-qt3d-examples, p-cpe:/a:oracle:linux:qt5-qtbase-gui, p-cpe:/a:oracle:linux:qt5-qtscript-examples, p-cpe:/a:oracle:linux:qt5-doctools, p-cpe:/a:oracle:linux:qt5-qttools-libs-help, p-cpe:/a:oracle:linux:qt5-qtwebchannel, p-cpe:/a:oracle:linux:qt5-qtbase-examples, p-cpe:/a:oracle:linux:qt5-designer, p-cpe:/a:oracle:linux:qt5-qtwebsockets-devel, p-cpe:/a:oracle:linux:qt5-qtserialbus-examples, p-cpe:/a:oracle:linux:qt5-qtcanvas3d-examples, p-cpe:/a:oracle:linux:qt5-qtmultimedia, p-cpe:/a:oracle:linux:qt5-qtbase-odbc, p-cpe:/a:oracle:linux:qt5-qdbusviewer, p-cpe:/a:oracle:linux:qt5-qtserialbus, p-cpe:/a:oracle:linux:qt5-qtquickcontrols2, p-cpe:/a:oracle:linux:qt5-qtx11extras, p-cpe:/a:oracle:linux:qt5-qtserialport-devel, p-cpe:/a:oracle:linux:qt5-qtdeclarative-examples, p-cpe:/a:oracle:linux:qt5-qtwebsockets, p-cpe:/a:oracle:linux:qt5-linguist, p-cpe:/a:oracle:linux:qt5-qtsensors-examples, p-cpe:/a:oracle:linux:qt5-srpm-macros, p-cpe:/a:oracle:linux:qt5-qtscript, p-cpe:/a:oracle:linux:qt5-qtwayland-examples, p-cpe:/a:oracle:linux:qt5-qttools-libs-designer, p-cpe:/a:oracle:linux:qt5-qt3d, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:qt5-qtlocation-devel, p-cpe:/a:oracle:linux:qt5-qtsensors-devel, p-cpe:/a:oracle:linux:python3-pyqt5-sip, p-cpe:/a:oracle:linux:qt5-qtsvg-examples, p-cpe:/a:oracle:linux:qt5-qtxmlpatterns-examples, p-cpe:/a:oracle:linux:qt5-qtxmlpatterns-devel, p-cpe:/a:oracle:linux:qt5-qtx11extras-devel, p-cpe:/a:oracle:linux:qt5-qtconnectivity, p-cpe:/a:oracle:linux:qt5-qtbase, p-cpe:/a:oracle:linux:qt5-qt3d-devel, p-cpe:/a:oracle:linux:python3-qt5, p-cpe:/a:oracle:linux:qt5-qtbase-devel, p-cpe:/a:oracle:linux:qt5-qtquickcontrols, p-cpe:/a:oracle:linux:python3-qt5-base, p-cpe:/a:oracle:linux:qt5-qttools-devel, p-cpe:/a:oracle:linux:qt5-qtwayland, p-cpe:/a:oracle:linux:qt5-qtxmlpatterns, p-cpe:/a:oracle:linux:qt5-qtbase-common, p-cpe:/a:oracle:linux:qt5-qttools-common, p-cpe:/a:oracle:linux:qt5-qttools, p-cpe:/a:oracle:linux:qt5-qtsvg-devel, p-cpe:/a:oracle:linux:qt5-qtcanvas3d, p-cpe:/a:oracle:linux:qt5-qtmultimedia-examples, p-cpe:/a:oracle:linux:qt5-qtdeclarative-devel, p-cpe:/a:oracle:linux:qt5-qtquickcontrols-examples, p-cpe:/a:oracle:linux:qt5-qtbase-postgresql, p-cpe:/a:oracle:linux:qt5-qtquickcontrols2-examples, p-cpe:/a:oracle:linux:qt5-qtwebsockets-examples, p-cpe:/a:oracle:linux:qt5-qttools-examples, p-cpe:/a:oracle:linux:qt5-qtwebchannel-examples, p-cpe:/a:oracle:linux:qt5-qtimageformats, p-cpe:/a:oracle:linux:qt5-qtconnectivity-devel, p-cpe:/a:oracle:linux:qt5-qtgraphicaleffects, p-cpe:/a:oracle:linux:qt5-rpm-macros, p-cpe:/a:oracle:linux:qt5-qtdeclarative, p-cpe:/a:oracle:linux:qt5-qtbase-mysql, p-cpe:/a:oracle:linux:qt5-qtlocation, p-cpe:/a:oracle:linux:qt5-qtconnectivity-examples, p-cpe:/a:oracle:linux:qt5-qttools-libs-designercomponents, p-cpe:/a:oracle:linux:python-qt5-rpm-macros

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/5/2020

Vulnerability Publication Date: 12/4/2018

Reference Information

CVE: CVE-2018-19869, CVE-2018-19871, CVE-2018-19872