To: [email protected]Subject: [ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug
Date: Tue, 03 Apr 2007 19:35:34 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1HYuPO-0002qf-4I@artemis.annvix.ca.>
Sender: QA Team <qateam@artemis.annvix.ca.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:075
http://www.mandriva.com/security/
_______________________________________________________________________
Package : qt4
Date : April 3, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
Andreas Nolden discover a bug in qt4, where the UTF8 decoder does
not reject overlong sequences, which can cause "/../" injection or
(in the case of konqueror) a "<script>" tag injection.
Updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
d054529b274819f32fe9326d36a578b8 2007.0/i586/libqassistant1-4.1.4-12.2mdv2007.0.i586.rpm
e10a4eca27dadcce177f7680e77d8652 2007.0/i586/libqt3support4-4.1.4-12.2mdv2007.0.i586.rpm
21c777dedde542827124d95c2b01ff82 2007.0/i586/libqt4-devel-4.1.4-12.2mdv2007.0.i586.rpm
3b3dc84ac4723988371b0c8ca5c1021c 2007.0/i586/libqtcore4-4.1.4-12.2mdv2007.0.i586.rpm
452215c9b6cd44c3fe4a90ce0c9be903 2007.0/i586/libqtdesigner1-4.1.4-12.2mdv2007.0.i586.rpm
f8949857c7586325df1d99448a5e64af 2007.0/i586/libqtgui4-4.1.4-12.2mdv2007.0.i586.rpm
2d7c2686d61759af02f2f61867e3b543 2007.0/i586/libqtnetwork4-4.1.4-12.2mdv2007.0.i586.rpm
2536e814b97db94bbc59e5e3d9bdf3a6 2007.0/i586/libqtopengl4-4.1.4-12.2mdv2007.0.i586.rpm
6dfbbf8ff4b10c24a59a4e6fb96dd581 2007.0/i586/libqtsql4-4.1.4-12.2mdv2007.0.i586.rpm
7d25c0af73fd8ab1db42ece2d26381a0 2007.0/i586/libqtsvg4-4.1.4-12.2mdv2007.0.i586.rpm
4e01c0ea12f75d4ac61f329af33c7d50 2007.0/i586/libqttest4-4.1.4-12.2mdv2007.0.i586.rpm
70d0108857206b2cd13d52c48c765446 2007.0/i586/libqtuitools4-4.1.4-12.2mdv2007.0.i586.rpm
82ad39ca0fa128a6a34b9705aab1cc3f 2007.0/i586/libqtxml4-4.1.4-12.2mdv2007.0.i586.rpm
775be8dafd268b4ff4b57e2fc6cdc0ad 2007.0/i586/qt4-accessibility-plugin-lib-4.1.4-12.2mdv2007.0.i586.rpm
f541894c5229c2f41d0a8a3a08676c31 2007.0/i586/qt4-assistant-4.1.4-12.2mdv2007.0.i586.rpm
5a135d20afbdfaacbc0e75e3709695fc 2007.0/i586/qt4-common-4.1.4-12.2mdv2007.0.i586.rpm
11fcd8ccdccc905d462ead19a641cc68 2007.0/i586/qt4-database-plugin-mysql-lib-4.1.4-12.2mdv2007.0.i586.rpm
4a2f5b0b718dc06fe427a4a72f598dbe 2007.0/i586/qt4-database-plugin-odbc-lib-4.1.4-12.2mdv2007.0.i586.rpm
609899eab0f4bf81e81e36da6388ea3f 2007.0/i586/qt4-database-plugin-pgsql-lib-4.1.4-12.2mdv2007.0.i586.rpm
7bca2e164d9dd353e728e4f08007641f 2007.0/i586/qt4-database-plugin-sqlite-lib-4.1.4-12.2mdv2007.0.i586.rpm
efe296e5b144dc2f6bb0f0a4af0ded51 2007.0/i586/qt4-designer-4.1.4-12.2mdv2007.0.i586.rpm
28e6ab0e23f15b688cdee854ddeaad07 2007.0/i586/qt4-doc-4.1.4-12.2mdv2007.0.i586.rpm
3c928ca99dc461342fb006d66980a71a 2007.0/i586/qt4-examples-4.1.4-12.2mdv2007.0.i586.rpm
2391840318fc7cfd8fff04e383e11406 2007.0/i586/qt4-linguist-4.1.4-12.2mdv2007.0.i586.rpm
625803653ad2a340c2835bebbed02543 2007.0/i586/qt4-tutorial-4.1.4-12.2mdv2007.0.i586.rpm
6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
55dff7e7ccc806011957eb46e5666932 2007.0/x86_64/lib64qassistant1-4.1.4-12.2mdv2007.0.x86_64.rpm
8c1bfc2389e3014a5c5c4a37dfd8b788 2007.0/x86_64/lib64qt3support4-4.1.4-12.2mdv2007.0.x86_64.rpm
94545bcbd4484ccfc55aa9293df3cf55 2007.0/x86_64/lib64qt4-devel-4.1.4-12.2mdv2007.0.x86_64.rpm
7994880bd5ee8b31a9c586669e77d156 2007.0/x86_64/lib64qtcore4-4.1.4-12.2mdv2007.0.x86_64.rpm
40593e39f4550446e49893bc8c6f498e 2007.0/x86_64/lib64qtdesigner1-4.1.4-12.2mdv2007.0.x86_64.rpm
f4fcbfae9c0f24bfb0621025dd0b09f6 2007.0/x86_64/lib64qtgui4-4.1.4-12.2mdv2007.0.x86_64.rpm
1f52ada8165f7bb457fe74b6c35e7630 2007.0/x86_64/lib64qtnetwork4-4.1.4-12.2mdv2007.0.x86_64.rpm
31dbb4d98ea1d4a985ed73e6c7b12c92 2007.0/x86_64/lib64qtopengl4-4.1.4-12.2mdv2007.0.x86_64.rpm
156a8ae2d401b0cddf12fdffc38f5dc5 2007.0/x86_64/lib64qtsql4-4.1.4-12.2mdv2007.0.x86_64.rpm
895ad7e290d98efbd8e83cc1b660b115 2007.0/x86_64/lib64qtsvg4-4.1.4-12.2mdv2007.0.x86_64.rpm
ba5e3c4480b44ef1b5af2cf0240c2b01 2007.0/x86_64/lib64qttest4-4.1.4-12.2mdv2007.0.x86_64.rpm
d6daaabf97959d85a94890ffc2cbb633 2007.0/x86_64/lib64qtuitools4-4.1.4-12.2mdv2007.0.x86_64.rpm
b9102cfeb67eb8033e9006b17e8c7774 2007.0/x86_64/lib64qtxml4-4.1.4-12.2mdv2007.0.x86_64.rpm
f1821ce484b6d4eae4f58b501a36ebf6 2007.0/x86_64/qt4-accessibility-plugin-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
ac219d13d2dea0ba591769379f22250d 2007.0/x86_64/qt4-assistant-4.1.4-12.2mdv2007.0.x86_64.rpm
35ab73423a4cc16d062e895666464bcc 2007.0/x86_64/qt4-common-4.1.4-12.2mdv2007.0.x86_64.rpm
c26ab910886d41510638e2e609c2fccb 2007.0/x86_64/qt4-database-plugin-mysql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
ffb64edfdd80070661ce99a293eda5be 2007.0/x86_64/qt4-database-plugin-odbc-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
5da413e0ffa00b38b6347325ee3bfb9a 2007.0/x86_64/qt4-database-plugin-pgsql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
b682ff6f82675464144692d4e6f04ff3 2007.0/x86_64/qt4-database-plugin-sqlite-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
5bec9e7eba4a1ac3621603d6d59304bc 2007.0/x86_64/qt4-designer-4.1.4-12.2mdv2007.0.x86_64.rpm
aa12bf92b19fa8f4cb97c9b54bd8237a 2007.0/x86_64/qt4-doc-4.1.4-12.2mdv2007.0.x86_64.rpm
41483d26fc809ca92051d3c1bed14721 2007.0/x86_64/qt4-examples-4.1.4-12.2mdv2007.0.x86_64.rpm
1cfb20cc55756ffc03502b9a60403617 2007.0/x86_64/qt4-linguist-4.1.4-12.2mdv2007.0.x86_64.rpm
7df68fbcccd37f4d8f7a177977bbeea0 2007.0/x86_64/qt4-tutorial-4.1.4-12.2mdv2007.0.x86_64.rpm
6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEtatmqjQ0CJFipgRAqW9AKCBKFAYoUVw9qc19+PtDsdfEX2lzwCg9pVI
R+GiNSUm6V0jv58PhAboQfo=
=BcET
-----END PGP SIGNATURE-----