-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:075 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qt4 Date : April 3, 2007 Affected: 2007.0 _______________________________________________________________________ Problem Description: Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection. Updated packages have been patched to address this issue. _______________________________________________________________________
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d054529b274819f32fe9326d36a578b8 2007.0/i586/libqassistant1-4.1.4-12.2mdv2007.0.i586.rpm e10a4eca27dadcce177f7680e77d8652 2007.0/i586/libqt3support4-4.1.4-12.2mdv2007.0.i586.rpm 21c777dedde542827124d95c2b01ff82 2007.0/i586/libqt4-devel-4.1.4-12.2mdv2007.0.i586.rpm 3b3dc84ac4723988371b0c8ca5c1021c 2007.0/i586/libqtcore4-4.1.4-12.2mdv2007.0.i586.rpm 452215c9b6cd44c3fe4a90ce0c9be903 2007.0/i586/libqtdesigner1-4.1.4-12.2mdv2007.0.i586.rpm f8949857c7586325df1d99448a5e64af 2007.0/i586/libqtgui4-4.1.4-12.2mdv2007.0.i586.rpm 2d7c2686d61759af02f2f61867e3b543 2007.0/i586/libqtnetwork4-4.1.4-12.2mdv2007.0.i586.rpm 2536e814b97db94bbc59e5e3d9bdf3a6 2007.0/i586/libqtopengl4-4.1.4-12.2mdv2007.0.i586.rpm 6dfbbf8ff4b10c24a59a4e6fb96dd581 2007.0/i586/libqtsql4-4.1.4-12.2mdv2007.0.i586.rpm 7d25c0af73fd8ab1db42ece2d26381a0 2007.0/i586/libqtsvg4-4.1.4-12.2mdv2007.0.i586.rpm 4e01c0ea12f75d4ac61f329af33c7d50 2007.0/i586/libqttest4-4.1.4-12.2mdv2007.0.i586.rpm 70d0108857206b2cd13d52c48c765446 2007.0/i586/libqtuitools4-4.1.4-12.2mdv2007.0.i586.rpm 82ad39ca0fa128a6a34b9705aab1cc3f 2007.0/i586/libqtxml4-4.1.4-12.2mdv2007.0.i586.rpm 775be8dafd268b4ff4b57e2fc6cdc0ad 2007.0/i586/qt4-accessibility-plugin-lib-4.1.4-12.2mdv2007.0.i586.rpm f541894c5229c2f41d0a8a3a08676c31 2007.0/i586/qt4-assistant-4.1.4-12.2mdv2007.0.i586.rpm 5a135d20afbdfaacbc0e75e3709695fc 2007.0/i586/qt4-common-4.1.4-12.2mdv2007.0.i586.rpm 11fcd8ccdccc905d462ead19a641cc68 2007.0/i586/qt4-database-plugin-mysql-lib-4.1.4-12.2mdv2007.0.i586.rpm 4a2f5b0b718dc06fe427a4a72f598dbe 2007.0/i586/qt4-database-plugin-odbc-lib-4.1.4-12.2mdv2007.0.i586.rpm 609899eab0f4bf81e81e36da6388ea3f 2007.0/i586/qt4-database-plugin-pgsql-lib-4.1.4-12.2mdv2007.0.i586.rpm 7bca2e164d9dd353e728e4f08007641f 2007.0/i586/qt4-database-plugin-sqlite-lib-4.1.4-12.2mdv2007.0.i586.rpm efe296e5b144dc2f6bb0f0a4af0ded51 2007.0/i586/qt4-designer-4.1.4-12.2mdv2007.0.i586.rpm 28e6ab0e23f15b688cdee854ddeaad07 2007.0/i586/qt4-doc-4.1.4-12.2mdv2007.0.i586.rpm 3c928ca99dc461342fb006d66980a71a 2007.0/i586/qt4-examples-4.1.4-12.2mdv2007.0.i586.rpm 2391840318fc7cfd8fff04e383e11406 2007.0/i586/qt4-linguist-4.1.4-12.2mdv2007.0.i586.rpm 625803653ad2a340c2835bebbed02543 2007.0/i586/qt4-tutorial-4.1.4-12.2mdv2007.0.i586.rpm 6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 55dff7e7ccc806011957eb46e5666932 2007.0/x86_64/lib64qassistant1-4.1.4-12.2mdv2007.0.x86_64.rpm 8c1bfc2389e3014a5c5c4a37dfd8b788 2007.0/x86_64/lib64qt3support4-4.1.4-12.2mdv2007.0.x86_64.rpm 94545bcbd4484ccfc55aa9293df3cf55 2007.0/x86_64/lib64qt4-devel-4.1.4-12.2mdv2007.0.x86_64.rpm 7994880bd5ee8b31a9c586669e77d156 2007.0/x86_64/lib64qtcore4-4.1.4-12.2mdv2007.0.x86_64.rpm 40593e39f4550446e49893bc8c6f498e 2007.0/x86_64/lib64qtdesigner1-4.1.4-12.2mdv2007.0.x86_64.rpm f4fcbfae9c0f24bfb0621025dd0b09f6 2007.0/x86_64/lib64qtgui4-4.1.4-12.2mdv2007.0.x86_64.rpm 1f52ada8165f7bb457fe74b6c35e7630 2007.0/x86_64/lib64qtnetwork4-4.1.4-12.2mdv2007.0.x86_64.rpm 31dbb4d98ea1d4a985ed73e6c7b12c92 2007.0/x86_64/lib64qtopengl4-4.1.4-12.2mdv2007.0.x86_64.rpm 156a8ae2d401b0cddf12fdffc38f5dc5 2007.0/x86_64/lib64qtsql4-4.1.4-12.2mdv2007.0.x86_64.rpm 895ad7e290d98efbd8e83cc1b660b115 2007.0/x86_64/lib64qtsvg4-4.1.4-12.2mdv2007.0.x86_64.rpm ba5e3c4480b44ef1b5af2cf0240c2b01 2007.0/x86_64/lib64qttest4-4.1.4-12.2mdv2007.0.x86_64.rpm d6daaabf97959d85a94890ffc2cbb633 2007.0/x86_64/lib64qtuitools4-4.1.4-12.2mdv2007.0.x86_64.rpm b9102cfeb67eb8033e9006b17e8c7774 2007.0/x86_64/lib64qtxml4-4.1.4-12.2mdv2007.0.x86_64.rpm f1821ce484b6d4eae4f58b501a36ebf6 2007.0/x86_64/qt4-accessibility-plugin-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm ac219d13d2dea0ba591769379f22250d 2007.0/x86_64/qt4-assistant-4.1.4-12.2mdv2007.0.x86_64.rpm 35ab73423a4cc16d062e895666464bcc 2007.0/x86_64/qt4-common-4.1.4-12.2mdv2007.0.x86_64.rpm c26ab910886d41510638e2e609c2fccb 2007.0/x86_64/qt4-database-plugin-mysql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm ffb64edfdd80070661ce99a293eda5be 2007.0/x86_64/qt4-database-plugin-odbc-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm 5da413e0ffa00b38b6347325ee3bfb9a 2007.0/x86_64/qt4-database-plugin-pgsql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm b682ff6f82675464144692d4e6f04ff3 2007.0/x86_64/qt4-database-plugin-sqlite-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm 5bec9e7eba4a1ac3621603d6d59304bc 2007.0/x86_64/qt4-designer-4.1.4-12.2mdv2007.0.x86_64.rpm aa12bf92b19fa8f4cb97c9b54bd8237a 2007.0/x86_64/qt4-doc-4.1.4-12.2mdv2007.0.x86_64.rpm 41483d26fc809ca92051d3c1bed14721 2007.0/x86_64/qt4-examples-4.1.4-12.2mdv2007.0.x86_64.rpm 1cfb20cc55756ffc03502b9a60403617 2007.0/x86_64/qt4-linguist-4.1.4-12.2mdv2007.0.x86_64.rpm 7df68fbcccd37f4d8f7a177977bbeea0 2007.0/x86_64/qt4-tutorial-4.1.4-12.2mdv2007.0.x86_64.rpm 6ee0a42b2108f0a8ad736b267a7affea 2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGEtatmqjQ0CJFipgRAqW9AKCBKFAYoUVw9qc19+PtDsdfEX2lzwCg9pVI R+GiNSUm6V0jv58PhAboQfo= =BcET -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
