-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:075
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : qt4
 Date    : April 3, 2007
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Andreas Nolden discovered a bug in qt4, where the UTF-8 decoder does
 not reject overlong sequences, which can cause "/../" injection or
 (in the case of Konqueror) a "<script>" tag injection.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:

 Mandriva Linux 2007.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGEtatmqjQ0CJFipgRAqW9AKCBKFAYoUVw9qc19+PtDsdfEX2lzwCg9pVI
R+GiNSUm6V0jv58PhAboQfo=
=BcET
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
