Jump to content

updated qt3 packages fix multiple vulnerabilities

mystified

By mystified
in Mandriva Security Advisories

 Share

Recommended Posts

mystified Platinum

mystified

Posted
Posted

Mandrakesoft Security Advisories

 

Package name qt3

Date August 18th, 2004

Advisory ID MDKSA-2004:085

Affected versions 9.2, 10.0

Synopsis Updated qt3 packages fix multiple vulnerabilities

 

 

Problem Description

 

Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty.

 

These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others.

 

The updated packages have been patched to correct these problems.

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 

1ad7ba2889f42f3509d5f598fa3ed886 9.2/RPMS/libqt3-3.1.2-15.4.92mdk.i586.rpm

4d24014ae885c403535cbeef08ff7903 9.2/RPMS/libqt3-devel-3.1.2-15.4.92mdk.i586.rpm

d727939706c9ce02da6b6d571f8385ba 9.2/RPMS/libqt3-mysql-3.1.2-15.4.92mdk.i586.rpm

9c375f83090adb8dde8600c1a4efa78c 9.2/RPMS/libqt3-odbc-3.1.2-15.4.92mdk.i586.rpm

5d957b60606594817142e5266eacbefe 9.2/RPMS/libqt3-psql-3.1.2-15.4.92mdk.i586.rpm

62aca38f15c5fb48505ddd9090d34cf5 9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.i586.rpm

13f5e3b7863e05c37cdf2a696aac870f 9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.i586.rpm

94edf3bf024e2fd75009a81101ec594b 9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm

 

Mandrakelinux 9.2/AMD64

 

94a17b47ecffd42bce0adac5d84e47ad amd64/9.2/RPMS/lib64qt3-3.1.2-15.4.92mdk.amd64.rpm

c16857f3695c52ddc9b8128200d459f4 amd64/9.2/RPMS/lib64qt3-devel-3.1.2-15.4.92mdk.amd64.rpm

48f7ddd93ca67c1abe158d07fb45633d amd64/9.2/RPMS/lib64qt3-mysql-3.1.2-15.4.92mdk.amd64.rpm

068ae44a1df137a5c03f34ee0a708a58 amd64/9.2/RPMS/lib64qt3-odbc-3.1.2-15.4.92mdk.amd64.rpm

028ab20a009637885e78542c9724a027 amd64/9.2/RPMS/lib64qt3-psql-3.1.2-15.4.92mdk.amd64.rpm

2827dfd029093b8c2564d23750642c1d amd64/9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.amd64.rpm

9b360daab6dfc57a15d6ad0e6dff8f35 amd64/9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.amd64.rpm

94edf3bf024e2fd75009a81101ec594b amd64/9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm

 

Mandrakelinux 10.0

 

21a786e53866b3071faf0c8ea1c8b729 10.0/RPMS/libqt3-3.2.3-19.2.100mdk.i586.rpm

f9a5891b174fc577eb3fc54e56a682d6 10.0/RPMS/libqt3-devel-3.2.3-19.2.100mdk.i586.rpm

564544fb071708fc02e9ab11330368f8 10.0/RPMS/libqt3-mysql-3.2.3-19.2.100mdk.i586.rpm

cf5a7257a4cce067050cde773e312462 10.0/RPMS/libqt3-odbc-3.2.3-19.2.100mdk.i586.rpm

b77aeed4530fc4738c9c12b4af07b075 10.0/RPMS/libqt3-psql-3.2.3-19.2.100mdk.i586.rpm

e2f788f8122f993621593204f99d86de 10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.i586.rpm

694a3cff5aa940e2d7f4dc2c5eefeb16 10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.i586.rpm

9349845dc7b64c0beeed1be6b16267c6 10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm

 

Mandrakelinux 10.0/AMD64

 

ee3473b5e34eb683a3643240c659ffcc amd64/10.0/RPMS/lib64qt3-3.2.3-19.2.100mdk.amd64.rpm

b15b7d5b23125b9d564b92cf93febcdc amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.2.100mdk.amd64.rpm

1b68d045c0037d08b63a795ac1e53bd7 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.2.100mdk.amd64.rpm

2c442445182e657e54bb74f5d9144654 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.2.100mdk.amd64.rpm

bbd265dad6cff808a4e9ca273ef05611 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.2.100mdk.amd64.rpm

60563c190b4da887cd805f714769345e amd64/10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.amd64.rpm

3876d1490ea3dee84ceb2bcedb46aa24 amd64/10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.amd64.rpm

9349845dc7b64c0beeed1be6b16267c6 amd64/10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm

 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...