[ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:074
http://www.mandriva.com/security/
_______________________________________________________________________
Package : qt3
Date : April 3, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does
not reject overlong sequences, which can cause "/../" injection or
(in the case of konqueror) a "<script>" tag injection.
Updated packages have been patched to address this issue.
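
Added example (not part of the Mandriva advisory and not the Qt patch): a minimal UTF-8 decoder showing the shortest-form check whose absence is described above. The names decode_one, decode_utf8, kMinForLength and kOverlongSlash are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Smallest code point that genuinely needs an n-byte encoding (index = n).
static const uint32_t kMinForLength[5] = {0, 0, 0x80, 0x800, 0x10000};

// Decode one sequence at p; returns bytes consumed, or 0 if rejected.
// strict=false models a decoder without the overlong check (assumed model, not Qt's code).
static size_t decode_one(const unsigned char* p, size_t avail, bool strict, uint32_t& cp) {
    if (avail == 0) return 0;
    size_t len;
    if (p[0] < 0x80) { cp = p[0]; return 1; }
    else if ((p[0] & 0xE0) == 0xC0) { len = 2; cp = p[0] & 0x1F; }
    else if ((p[0] & 0xF0) == 0xE0) { len = 3; cp = p[0] & 0x0F; }
    else if ((p[0] & 0xF8) == 0xF0) { len = 4; cp = p[0] & 0x07; }
    else return 0;                          // stray continuation or invalid lead byte
    if (avail < len) return 0;              // truncated sequence
    for (size_t i = 1; i < len; ++i) {
        if ((p[i] & 0xC0) != 0x80) return 0;  // not a continuation byte
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    if (strict) {
        if (cp < kMinForLength[len]) return 0;         // overlong: fits in fewer bytes
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;    // UTF-16 surrogate range
        if (cp > 0x10FFFF) return 0;                   // beyond Unicode
    }
    return len;
}

// Decode a whole buffer into code points; false if any sequence is rejected.
bool decode_utf8(const std::string& in, bool strict, std::vector<uint32_t>& out) {
    out.clear();
    const unsigned char* p = reinterpret_cast<const unsigned char*>(in.data());
    for (size_t i = 0; i < in.size(); ) {
        uint32_t cp = 0;
        size_t n = decode_one(p + i, in.size() - i, strict, cp);
        if (n == 0) return false;
        out.push_back(cp);
        i += n;
    }
    return true;
}

// Constructed sample: 0xC0 0xAF is a two-byte overlong form of U+002F ('/').
const std::string kOverlongSlash("\xC0\xAF", 2);

int main() { std::vector<uint32_t> o; return decode_utf8(kOverlongSlash, true, o) ? 1 : 0; }
```

With strict=false the overlong bytes decode to the same code point as a plain '/', so a filter that inspected the raw bytes before decoding would never have seen the separator; with strict=true the input is rejected outright.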
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEtZhmqjQ0CJFipgRAkO7AJ4kVAUk9mSGwasGtZloaWDYd2Ge7wCgi2n7
lg3qQ1gjNo5R1ziZQNpcxW4=
=8Cuq
-----END PGP SIGNATURE-----