[Security Announce] [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug
Posted on: 04/04/2007 04:50 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:074
http://www.mandriva.com/security/
_______________________________________________________________________

Package : qt3
Date : April 3, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does
not reject overlong sequences, which can cause "/../" injection or
(in the case of konqueror) a "<script>" tag injection.

Updated packages have been patched to address this issue.
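
The flaw class described above, as an added example (not Qt's or Mandriva's code): a minimal UTF-8 decoder whose `strict` flag toggles the shortest-form check, run on a constructed two-byte overlong encoding of '/'. The names `utf8_decode`, `contains_cp` and `OVERLONG_SLASH` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Smallest code point each sequence length may legally encode (RFC 3629). */
static const uint32_t MIN_CP[5] = {0, 0, 0x80, 0x800, 0x10000};

/* Decode one sequence from s[0..n); returns bytes consumed, 0 if rejected.
 * strict=0 models a decoder lacking the shortest-form check; strict=1 adds it. */
static size_t utf8_decode(const unsigned char *s, size_t n, int strict, uint32_t *cp)
{
    size_t len, i; uint32_t c;
    if (n == 0) return 0;
    if (s[0] < 0x80)                { len = 1; c = s[0]; }
    else if ((s[0] & 0xE0) == 0xC0) { len = 2; c = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; c = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; c = s[0] & 0x07; }
    else return 0;                        /* stray continuation or bad lead */
    if (len > n) return 0;                /* truncated sequence */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        c = (c << 6) | (s[i] & 0x3F);
    }
    if (strict && (c < MIN_CP[len] ||              /* overlong form */
                   (c >= 0xD800 && c <= 0xDFFF) || /* UTF-16 surrogate */
                   c > 0x10FFFF)) return 0;
    *cp = c;
    return len;
}

/* 1 if the buffer decodes to text containing `want`, 0 if not, -1 if rejected. */
int contains_cp(const unsigned char *s, size_t n, int strict, uint32_t want)
{
    size_t pos = 0, used; uint32_t cp; int found = 0;
    while (pos < n) {
        if ((used = utf8_decode(s + pos, n - pos, strict, &cp)) == 0) return -1;
        if (cp == want) found = 1;
        pos += used;
    }
    return found;
}

/* Constructed sample: two-byte overlong form of '/' (contains no raw 0x2F byte). */
static const unsigned char OVERLONG_SLASH[] = {0xC0, 0xAF};

int main(void) {
    printf("lax=%d strict=%d\n", contains_cp(OVERLONG_SLASH, 2, 0, '/'),
           contains_cp(OVERLONG_SLASH, 2, 1, '/'));
    return 0;
}
```

A byte-level filter that looks for 0x2F or 0x3C before decoding sees neither in such input, which is why the shortest-form check has to live in the decoder itself.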
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGEtZhmqjQ0CJFipgRAkO7AJ4kVAUk9mSGwasGtZloaWDYd2Ge7wCgi2n7
lg3qQ1gjNo5R1ziZQNpcxW4=
-----END PGP SIGNATURE-----


