[ MDKSA-2007:075 ] - Updated qt4 packages to address utf8 decoder bug
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:075
http://www.mandriva.com/security/
_______________________________________________________________________
Package : qt4
Date : April 3, 2007
Affected: 2007.0
_______________________________________________________________________
Problem Description:
Andreas Nolden discover a bug in qt4, where the UTF8 decoder does
not reject overlong sequences, which can cause "/../" injection or
(in the case of konqueror) a "<script>" tag injection.
Updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
d054529b274819f32fe9326d36a578b8
2007.0/i586/libqassistant1-4.1.4-12.2mdv2007.0.i586.rpm
e10a4eca27dadcce177f7680e77d8652
2007.0/i586/libqt3support4-4.1.4-12.2mdv2007.0.i586.rpm
21c777dedde542827124d95c2b01ff82
2007.0/i586/libqt4-devel-4.1.4-12.2mdv2007.0.i586.rpm
3b3dc84ac4723988371b0c8ca5c1021c
2007.0/i586/libqtcore4-4.1.4-12.2mdv2007.0.i586.rpm
452215c9b6cd44c3fe4a90ce0c9be903
2007.0/i586/libqtdesigner1-4.1.4-12.2mdv2007.0.i586.rpm
f8949857c7586325df1d99448a5e64af
2007.0/i586/libqtgui4-4.1.4-12.2mdv2007.0.i586.rpm
2d7c2686d61759af02f2f61867e3b543
2007.0/i586/libqtnetwork4-4.1.4-12.2mdv2007.0.i586.rpm
2536e814b97db94bbc59e5e3d9bdf3a6
2007.0/i586/libqtopengl4-4.1.4-12.2mdv2007.0.i586.rpm
6dfbbf8ff4b10c24a59a4e6fb96dd581
2007.0/i586/libqtsql4-4.1.4-12.2mdv2007.0.i586.rpm
7d25c0af73fd8ab1db42ece2d26381a0
2007.0/i586/libqtsvg4-4.1.4-12.2mdv2007.0.i586.rpm
4e01c0ea12f75d4ac61f329af33c7d50
2007.0/i586/libqttest4-4.1.4-12.2mdv2007.0.i586.rpm
70d0108857206b2cd13d52c48c765446
2007.0/i586/libqtuitools4-4.1.4-12.2mdv2007.0.i586.rpm
82ad39ca0fa128a6a34b9705aab1cc3f
2007.0/i586/libqtxml4-4.1.4-12.2mdv2007.0.i586.rpm
775be8dafd268b4ff4b57e2fc6cdc0ad
2007.0/i586/qt4-accessibility-plugin-lib-4.1.4-12.2mdv2007.0.i586.rpm
f541894c5229c2f41d0a8a3a08676c31
2007.0/i586/qt4-assistant-4.1.4-12.2mdv2007.0.i586.rpm
5a135d20afbdfaacbc0e75e3709695fc
2007.0/i586/qt4-common-4.1.4-12.2mdv2007.0.i586.rpm
11fcd8ccdccc905d462ead19a641cc68
2007.0/i586/qt4-database-plugin-mysql-lib-4.1.4-12.2mdv2007.0.i586.rpm
4a2f5b0b718dc06fe427a4a72f598dbe
2007.0/i586/qt4-database-plugin-odbc-lib-4.1.4-12.2mdv2007.0.i586.rpm
609899eab0f4bf81e81e36da6388ea3f
2007.0/i586/qt4-database-plugin-pgsql-lib-4.1.4-12.2mdv2007.0.i586.rpm
7bca2e164d9dd353e728e4f08007641f
2007.0/i586/qt4-database-plugin-sqlite-lib-4.1.4-12.2mdv2007.0.i586.rpm
efe296e5b144dc2f6bb0f0a4af0ded51
2007.0/i586/qt4-designer-4.1.4-12.2mdv2007.0.i586.rpm
28e6ab0e23f15b688cdee854ddeaad07
2007.0/i586/qt4-doc-4.1.4-12.2mdv2007.0.i586.rpm
3c928ca99dc461342fb006d66980a71a
2007.0/i586/qt4-examples-4.1.4-12.2mdv2007.0.i586.rpm
2391840318fc7cfd8fff04e383e11406
2007.0/i586/qt4-linguist-4.1.4-12.2mdv2007.0.i586.rpm
625803653ad2a340c2835bebbed02543
2007.0/i586/qt4-tutorial-4.1.4-12.2mdv2007.0.i586.rpm
6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
55dff7e7ccc806011957eb46e5666932
2007.0/x86_64/lib64qassistant1-4.1.4-12.2mdv2007.0.x86_64.rpm
8c1bfc2389e3014a5c5c4a37dfd8b788
2007.0/x86_64/lib64qt3support4-4.1.4-12.2mdv2007.0.x86_64.rpm
94545bcbd4484ccfc55aa9293df3cf55
2007.0/x86_64/lib64qt4-devel-4.1.4-12.2mdv2007.0.x86_64.rpm
7994880bd5ee8b31a9c586669e77d156
2007.0/x86_64/lib64qtcore4-4.1.4-12.2mdv2007.0.x86_64.rpm
40593e39f4550446e49893bc8c6f498e
2007.0/x86_64/lib64qtdesigner1-4.1.4-12.2mdv2007.0.x86_64.rpm
f4fcbfae9c0f24bfb0621025dd0b09f6
2007.0/x86_64/lib64qtgui4-4.1.4-12.2mdv2007.0.x86_64.rpm
1f52ada8165f7bb457fe74b6c35e7630
2007.0/x86_64/lib64qtnetwork4-4.1.4-12.2mdv2007.0.x86_64.rpm
31dbb4d98ea1d4a985ed73e6c7b12c92
2007.0/x86_64/lib64qtopengl4-4.1.4-12.2mdv2007.0.x86_64.rpm
156a8ae2d401b0cddf12fdffc38f5dc5
2007.0/x86_64/lib64qtsql4-4.1.4-12.2mdv2007.0.x86_64.rpm
895ad7e290d98efbd8e83cc1b660b115
2007.0/x86_64/lib64qtsvg4-4.1.4-12.2mdv2007.0.x86_64.rpm
ba5e3c4480b44ef1b5af2cf0240c2b01
2007.0/x86_64/lib64qttest4-4.1.4-12.2mdv2007.0.x86_64.rpm
d6daaabf97959d85a94890ffc2cbb633
2007.0/x86_64/lib64qtuitools4-4.1.4-12.2mdv2007.0.x86_64.rpm
b9102cfeb67eb8033e9006b17e8c7774
2007.0/x86_64/lib64qtxml4-4.1.4-12.2mdv2007.0.x86_64.rpm
f1821ce484b6d4eae4f58b501a36ebf6
2007.0/x86_64/qt4-accessibility-plugin-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
ac219d13d2dea0ba591769379f22250d
2007.0/x86_64/qt4-assistant-4.1.4-12.2mdv2007.0.x86_64.rpm
35ab73423a4cc16d062e895666464bcc
2007.0/x86_64/qt4-common-4.1.4-12.2mdv2007.0.x86_64.rpm
c26ab910886d41510638e2e609c2fccb
2007.0/x86_64/qt4-database-plugin-mysql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
ffb64edfdd80070661ce99a293eda5be
2007.0/x86_64/qt4-database-plugin-odbc-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
5da413e0ffa00b38b6347325ee3bfb9a
2007.0/x86_64/qt4-database-plugin-pgsql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
b682ff6f82675464144692d4e6f04ff3
2007.0/x86_64/qt4-database-plugin-sqlite-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
5bec9e7eba4a1ac3621603d6d59304bc
2007.0/x86_64/qt4-designer-4.1.4-12.2mdv2007.0.x86_64.rpm
aa12bf92b19fa8f4cb97c9b54bd8237a
2007.0/x86_64/qt4-doc-4.1.4-12.2mdv2007.0.x86_64.rpm
41483d26fc809ca92051d3c1bed14721
2007.0/x86_64/qt4-examples-4.1.4-12.2mdv2007.0.x86_64.rpm
1cfb20cc55756ffc03502b9a60403617
2007.0/x86_64/qt4-linguist-4.1.4-12.2mdv2007.0.x86_64.rpm
7df68fbcccd37f4d8f7a177977bbeea0
2007.0/x86_64/qt4-tutorial-4.1.4-12.2mdv2007.0.x86_64.rpm
6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEtatmqjQ0CJFipgRAqW9AKCBKFAYoUVw9qc19+PtDsdfEX2lzwCg9pVI
R+GiNSUm6V0jv58PhAboQfo=
=BcET
-----END PGP SIGNATURE-----