[ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug
From: security@xxxxxxxxxxxx
Date: Tue, 03 Apr 2007 19:34:27 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
Sender: QA Team <qateam@xxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:074
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : qt3
 Date    : April 3, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Andreas Nolden discover a bug in qt3, where the UTF8 decoder does
 not reject overlong sequences, which can cause "/../" injection or
 (in the case of konqueror) a "<script>" tag injection.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 197f5fc64a636d344f85172c0f55f935  
2007.0/i586/libdesignercore1-3.3.6-18.2mdv2007.0.i586.rpm
 ef251e2fa4c330d3d7672504a7a17f73  
2007.0/i586/libeditor1-3.3.6-18.2mdv2007.0.i586.rpm
 a76b9f73e574ce0a390e1e74229df3c4  
2007.0/i586/libqassistantclient1-3.3.6-18.2mdv2007.0.i586.rpm
 3d5b427ad8d017d7d03a45c13646419b  
2007.0/i586/libqt3-3.3.6-18.2mdv2007.0.i586.rpm
 e6f75f8888be833e0697b154d1a4b918  
2007.0/i586/libqt3-devel-3.3.6-18.2mdv2007.0.i586.rpm
 d49d93c7d05f53e43fef24232870aec4  
2007.0/i586/libqt3-mysql-3.3.6-18.2mdv2007.0.i586.rpm
 639bf499612fac322289774f9373a158  
2007.0/i586/libqt3-odbc-3.3.6-18.2mdv2007.0.i586.rpm
 1accaf27190fd00824d53cd768f6ee8f  
2007.0/i586/libqt3-psql-3.3.6-18.2mdv2007.0.i586.rpm
 f425d7c6374174f986c7fb18ff01b7af  
2007.0/i586/libqt3-sqlite-3.3.6-18.2mdv2007.0.i586.rpm
 fba973b46021cc942323e46d4f95c281  
2007.0/i586/libqt3-static-devel-3.3.6-18.2mdv2007.0.i586.rpm
 7224174c9859e3b15a3e2891f0cd3694  
2007.0/i586/qt3-common-3.3.6-18.2mdv2007.0.i586.rpm
 916288218a8d51a3775b948d511174da  
2007.0/i586/qt3-doc-3.3.6-18.2mdv2007.0.i586.rpm
 c46d421babfbced8d7979c841ec91f48  
2007.0/i586/qt3-example-3.3.6-18.2mdv2007.0.i586.rpm
 8ccae64a59693d325afdb0a4d97f1e73  
2007.0/i586/qt3-tutorial-3.3.6-18.2mdv2007.0.i586.rpm 
 f64eae6906110a4290ca88100ef74712  2007.0/SRPMS/qt3-3.3.6-18.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 eb3eacbe6d0683e4387569fa3caf1686  
2007.0/x86_64/lib64designercore1-3.3.6-18.2mdv2007.0.x86_64.rpm
 1b3065161e948b61456341df7915cdb3  
2007.0/x86_64/lib64editor1-3.3.6-18.2mdv2007.0.x86_64.rpm
 11ebc8ecca3773f81b840cd697b1b96e  
2007.0/x86_64/lib64qassistantclient1-3.3.6-18.2mdv2007.0.x86_64.rpm
 c96b5b0b91bf0e760ff78acb66b70d18  
2007.0/x86_64/lib64qt3-3.3.6-18.2mdv2007.0.x86_64.rpm
 40f000b805328cc8af50804b152cb398  
2007.0/x86_64/lib64qt3-devel-3.3.6-18.2mdv2007.0.x86_64.rpm
 05d21c6c5ea213bde4a7bcca2c4cd512  
2007.0/x86_64/lib64qt3-mysql-3.3.6-18.2mdv2007.0.x86_64.rpm
 cd3c679fae15d9a40b30f1b9ae3a1717  
2007.0/x86_64/lib64qt3-odbc-3.3.6-18.2mdv2007.0.x86_64.rpm
 9c6a152c53901b1a35689c3960bab2c2  
2007.0/x86_64/lib64qt3-psql-3.3.6-18.2mdv2007.0.x86_64.rpm
 51272e9551816e1b8073cfd373868755  
2007.0/x86_64/lib64qt3-sqlite-3.3.6-18.2mdv2007.0.x86_64.rpm
 36f9d43236f59e3e36751cde37f0ced4  
2007.0/x86_64/lib64qt3-static-devel-3.3.6-18.2mdv2007.0.x86_64.rpm
 0dfca7d8fd4e478c62151fc818192c57  
2007.0/x86_64/qt3-common-3.3.6-18.2mdv2007.0.x86_64.rpm
 aa01d7a29c76f6265d6eaf1e20dd49f2  
2007.0/x86_64/qt3-doc-3.3.6-18.2mdv2007.0.x86_64.rpm
 541f64cc803b71ee6137079d32e8fc85  
2007.0/x86_64/qt3-example-3.3.6-18.2mdv2007.0.x86_64.rpm
 7e9e4c0300a85792741472792ea0bc3b  
2007.0/x86_64/qt3-tutorial-3.3.6-18.2mdv2007.0.x86_64.rpm 
 f64eae6906110a4290ca88100ef74712  2007.0/SRPMS/qt3-3.3.6-18.2mdv2007.0.src.rpm

 Corporate 3.0:
 385497b479874316819b7771aadfd517  
corporate/3.0/i586/libqt3-3.2.3-19.9.C30mdk.i586.rpm
 ec86943f952baba9a198f9d7d3a4643f  
corporate/3.0/i586/libqt3-devel-3.2.3-19.9.C30mdk.i586.rpm
 112f08b41f4a90ed978627f0f4ab5703  
corporate/3.0/i586/libqt3-mysql-3.2.3-19.9.C30mdk.i586.rpm
 891d44417f4b7c6e7f0ae45e50ba0a86  
corporate/3.0/i586/libqt3-odbc-3.2.3-19.9.C30mdk.i586.rpm
 c4a7ca3d64bec956b91b565c5c8ca4a2  
corporate/3.0/i586/libqt3-psql-3.2.3-19.9.C30mdk.i586.rpm
 8e5e52f1244e871d1bc9a03ab8147d15  
corporate/3.0/i586/qt3-common-3.2.3-19.9.C30mdk.i586.rpm
 0478fd2961884bb04feacdc5eafebd0c  
corporate/3.0/i586/qt3-example-3.2.3-19.9.C30mdk.i586.rpm 
 4b2ec406b19c3262bf4c1e8db2ecc6c8  
corporate/3.0/SRPMS/qt3-3.2.3-19.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5c42ee1adf475d580538756ffbfd059c  
corporate/3.0/x86_64/lib64qt3-3.2.3-19.9.C30mdk.x86_64.rpm
 2d5ab2a771a1e9316898727f6a5c9df1  
corporate/3.0/x86_64/lib64qt3-devel-3.2.3-19.9.C30mdk.x86_64.rpm
 be6e2782b584731efd4aa865fd8ad6f8  
corporate/3.0/x86_64/lib64qt3-mysql-3.2.3-19.9.C30mdk.x86_64.rpm
 b1bff94156c99995644e44d3960a5717  
corporate/3.0/x86_64/lib64qt3-odbc-3.2.3-19.9.C30mdk.x86_64.rpm
 c7da167bd487a91d044117a6ed47058d  
corporate/3.0/x86_64/lib64qt3-psql-3.2.3-19.9.C30mdk.x86_64.rpm
 9a291392dec84fc1c347d1bf639b5898  
corporate/3.0/x86_64/qt3-common-3.2.3-19.9.C30mdk.x86_64.rpm
 49c0f39ca241aef711245659a8315793  
corporate/3.0/x86_64/qt3-example-3.2.3-19.9.C30mdk.x86_64.rpm 
 4b2ec406b19c3262bf4c1e8db2ecc6c8  
corporate/3.0/SRPMS/qt3-3.2.3-19.9.C30mdk.src.rpm

 Corporate 4.0:
 e71b376d4cb00cee69e5e177eb8bb5f8  
corporate/4.0/i586/libdesignercore1-3.3.6-1.3.20060mlcs4.i586.rpm
 3906d6c14aecc1c4add098573e979209  
corporate/4.0/i586/libeditor1-3.3.6-1.3.20060mlcs4.i586.rpm
 171b113aa4d6cb1186e6f3ab791e4027  
corporate/4.0/i586/libqassistantclient1-3.3.6-1.3.20060mlcs4.i586.rpm
 73b13cf4c392d9991f4233cc804ce58e  
corporate/4.0/i586/libqt3-3.3.6-1.3.20060mlcs4.i586.rpm
 428fb954a60aebb7ee3d9eba0ee3ec77  
corporate/4.0/i586/libqt3-devel-3.3.6-1.3.20060mlcs4.i586.rpm
 3eaffdf80cf7bc128fdb9e72d30447ee  
corporate/4.0/i586/libqt3-mysql-3.3.6-1.3.20060mlcs4.i586.rpm
 e6af7348543bc4d84cbf6635b6dd1144  
corporate/4.0/i586/libqt3-odbc-3.3.6-1.3.20060mlcs4.i586.rpm
 88bbf9422caec8f47ab4ad9bf0dd9e87  
corporate/4.0/i586/libqt3-psql-3.3.6-1.3.20060mlcs4.i586.rpm
 61b64f8a1ae275846aa0dbfeaf44dff6  
corporate/4.0/i586/libqt3-sqlite-3.3.6-1.3.20060mlcs4.i586.rpm
 5e273f02a926b18732380833307098e7  
corporate/4.0/i586/libqt3-static-devel-3.3.6-1.3.20060mlcs4.i586.rpm
 38cce79aff5de8631506239fae00e5a9  
corporate/4.0/i586/qt3-common-3.3.6-1.3.20060mlcs4.i586.rpm
 54c2def9ac0a35a17d52f6544dcf6733  
corporate/4.0/i586/qt3-doc-3.3.6-1.3.20060mlcs4.i586.rpm
 e056ee06b4975d808a6b668c0805adc8  
corporate/4.0/i586/qt3-example-3.3.6-1.3.20060mlcs4.i586.rpm
 ba13fa84c2d06e27eca084d207288c54  
corporate/4.0/i586/qt3-tutorial-3.3.6-1.3.20060mlcs4.i586.rpm 
 05f2ce00370a020469aa9c77cc976485  
corporate/4.0/SRPMS/qt3-3.3.6-1.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e66b2615eb399e5a5cd280c8c8571b5d  
corporate/4.0/x86_64/lib64designercore1-3.3.6-1.3.20060mlcs4.x86_64.rpm
 7bddeddb4e2efdc4ede067c6b00909f1  
corporate/4.0/x86_64/lib64editor1-3.3.6-1.3.20060mlcs4.x86_64.rpm
 6e2a4cfe8cd56271dc02d22c25a3e4a0  
corporate/4.0/x86_64/lib64qassistantclient1-3.3.6-1.3.20060mlcs4.x86_64.rpm
 007a7af0dc66397f2bf132483f776947  
corporate/4.0/x86_64/lib64qt3-3.3.6-1.3.20060mlcs4.x86_64.rpm
 f2db6adf0959c05a14d2fdd555c92b45  
corporate/4.0/x86_64/lib64qt3-devel-3.3.6-1.3.20060mlcs4.x86_64.rpm
 bc0bc0ffd61b4ebab95ee8a22a413b33  
corporate/4.0/x86_64/lib64qt3-mysql-3.3.6-1.3.20060mlcs4.x86_64.rpm
 763345553d8ae492e9221a1d3721baee  
corporate/4.0/x86_64/lib64qt3-odbc-3.3.6-1.3.20060mlcs4.x86_64.rpm
 be194485364299a3ed3c32d6a3ba2508  
corporate/4.0/x86_64/lib64qt3-psql-3.3.6-1.3.20060mlcs4.x86_64.rpm
 1b07f8aba0106767a6d9c3bc3221d98d  
corporate/4.0/x86_64/lib64qt3-sqlite-3.3.6-1.3.20060mlcs4.x86_64.rpm
 76ddcafb875e75fb452f063284a43ae4  
corporate/4.0/x86_64/lib64qt3-static-devel-3.3.6-1.3.20060mlcs4.x86_64.rpm
 356f14104ee86a9b210c74afe0b118b7  
corporate/4.0/x86_64/qt3-common-3.3.6-1.3.20060mlcs4.x86_64.rpm
 6354893ce7173d96d576bc0546daecca  
corporate/4.0/x86_64/qt3-doc-3.3.6-1.3.20060mlcs4.x86_64.rpm
 9b02a16dbff2b85736b7280495ac78eb  
corporate/4.0/x86_64/qt3-example-3.3.6-1.3.20060mlcs4.x86_64.rpm
 103ce9708965fdfbcddd6c33caf383df  
corporate/4.0/x86_64/qt3-tutorial-3.3.6-1.3.20060mlcs4.x86_64.rpm 
 05f2ce00370a020469aa9c77cc976485  
corporate/4.0/SRPMS/qt3-3.3.6-1.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGEtZhmqjQ0CJFipgRAkO7AJ4kVAUk9mSGwasGtZloaWDYd2Ge7wCgi2n7
lg3qQ1gjNo5R1ziZQNpcxW4=
=8Cuq
-----END PGP SIGNATURE-----

Prev by Date: CYBSEC Release: SAP Security - Paper & Tool release
Next by Date: [MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues
Previous by thread: CYBSEC Release: SAP Security - Paper & Tool release
Next by thread: [MajorSecurity Advisory #38]eXV2 CMS - Session fixation and Cross-Site-Scripting Issues
Index(es):
- Date
- Thread