Updated qt packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: qt3
Advisory ID: MDKSA-2004:085
Date: August 18th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty.
These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others.
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
21a786e53866b3071faf0c8ea1c8b729 10.0/RPMS/libqt3-3.2.3-19.2.100mdk.i586.rpm
f9a5891b174fc577eb3fc54e56a682d6 10.0/RPMS/libqt3-devel-3.2.3-19.2.100mdk.i586.rpm
564544fb071708fc02e9ab11330368f8 10.0/RPMS/libqt3-mysql-3.2.3-19.2.100mdk.i586.rpm
cf5a7257a4cce067050cde773e312462 10.0/RPMS/libqt3-odbc-3.2.3-19.2.100mdk.i586.rpm
b77aeed4530fc4738c9c12b4af07b075 10.0/RPMS/libqt3-psql-3.2.3-19.2.100mdk.i586.rpm
e2f788f8122f993621593204f99d86de 10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.i586.rpm
694a3cff5aa940e2d7f4dc2c5eefeb16 10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.i586.rpm
9349845dc7b64c0beeed1be6b16267c6 10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ee3473b5e34eb683a3643240c659ffcc amd64/10.0/RPMS/lib64qt3-3.2.3-19.2.100mdk.amd64.rpm
b15b7d5b23125b9d564b92cf93febcdc amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.2.100mdk.amd64.rpm
1b68d045c0037d08b63a795ac1e53bd7 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.2.100mdk.amd64.rpm
2c442445182e657e54bb74f5d9144654 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.2.100mdk.amd64.rpm
bbd265dad6cff808a4e9ca273ef05611 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.2.100mdk.amd64.rpm
60563c190b4da887cd805f714769345e amd64/10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.amd64.rpm
3876d1490ea3dee84ceb2bcedb46aa24 amd64/10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.amd64.rpm
9349845dc7b64c0beeed1be6b16267c6 amd64/10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 9.2:
1ad7ba2889f42f3509d5f598fa3ed886 9.2/RPMS/libqt3-3.1.2-15.4.92mdk.i586.rpm
4d24014ae885c403535cbeef08ff7903 9.2/RPMS/libqt3-devel-3.1.2-15.4.92mdk.i586.rpm
d727939706c9ce02da6b6d571f8385ba 9.2/RPMS/libqt3-mysql-3.1.2-15.4.92mdk.i586.rpm
9c375f83090adb8dde8600c1a4efa78c 9.2/RPMS/libqt3-odbc-3.1.2-15.4.92mdk.i586.rpm
5d957b60606594817142e5266eacbefe 9.2/RPMS/libqt3-psql-3.1.2-15.4.92mdk.i586.rpm
62aca38f15c5fb48505ddd9090d34cf5 9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.i586.rpm
13f5e3b7863e05c37cdf2a696aac870f 9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.i586.rpm
94edf3bf024e2fd75009a81101ec594b 9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
94a17b47ecffd42bce0adac5d84e47ad amd64/9.2/RPMS/lib64qt3-3.1.2-15.4.92mdk.amd64.rpm
c16857f3695c52ddc9b8128200d459f4 amd64/9.2/RPMS/lib64qt3-devel-3.1.2-15.4.92mdk.amd64.rpm
48f7ddd93ca67c1abe158d07fb45633d amd64/9.2/RPMS/lib64qt3-mysql-3.1.2-15.4.92mdk.amd64.rpm
068ae44a1df137a5c03f34ee0a708a58 amd64/9.2/RPMS/lib64qt3-odbc-3.1.2-15.4.92mdk.amd64.rpm
028ab20a009637885e78542c9724a027 amd64/9.2/RPMS/lib64qt3-psql-3.1.2-15.4.92mdk.amd64.rpm
2827dfd029093b8c2564d23750642c1d amd64/9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.amd64.rpm
9b360daab6dfc57a15d6ad0e6dff8f35 amd64/9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.amd64.rpm
94edf3bf024e2fd75009a81101ec594b amd64/9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: qt3
Advisory ID: MDKSA-2004:085
Date: August 18th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Chris Evans discovered a heap-based overflow in the QT library when handling 8-bit RLE encoded BMP files. This vulnerability could allow for the compromise of the account used to view or browse malicious BMP files. On subsequent investigation, it was also found that the handlers for XPM, GIF, and JPEG image types were also faulty.
These problems affect all applications that use QT to handle image files, such as QT-based image viewers, the Konqueror web browser, and others.
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
21a786e53866b3071faf0c8ea1c8b729 10.0/RPMS/libqt3-3.2.3-19.2.100mdk.i586.rpm
f9a5891b174fc577eb3fc54e56a682d6 10.0/RPMS/libqt3-devel-3.2.3-19.2.100mdk.i586.rpm
564544fb071708fc02e9ab11330368f8 10.0/RPMS/libqt3-mysql-3.2.3-19.2.100mdk.i586.rpm
cf5a7257a4cce067050cde773e312462 10.0/RPMS/libqt3-odbc-3.2.3-19.2.100mdk.i586.rpm
b77aeed4530fc4738c9c12b4af07b075 10.0/RPMS/libqt3-psql-3.2.3-19.2.100mdk.i586.rpm
e2f788f8122f993621593204f99d86de 10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.i586.rpm
694a3cff5aa940e2d7f4dc2c5eefeb16 10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.i586.rpm
9349845dc7b64c0beeed1be6b16267c6 10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ee3473b5e34eb683a3643240c659ffcc amd64/10.0/RPMS/lib64qt3-3.2.3-19.2.100mdk.amd64.rpm
b15b7d5b23125b9d564b92cf93febcdc amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.2.100mdk.amd64.rpm
1b68d045c0037d08b63a795ac1e53bd7 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.2.100mdk.amd64.rpm
2c442445182e657e54bb74f5d9144654 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.2.100mdk.amd64.rpm
bbd265dad6cff808a4e9ca273ef05611 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.2.100mdk.amd64.rpm
60563c190b4da887cd805f714769345e amd64/10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.amd64.rpm
3876d1490ea3dee84ceb2bcedb46aa24 amd64/10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.amd64.rpm
9349845dc7b64c0beeed1be6b16267c6 amd64/10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 9.2:
1ad7ba2889f42f3509d5f598fa3ed886 9.2/RPMS/libqt3-3.1.2-15.4.92mdk.i586.rpm
4d24014ae885c403535cbeef08ff7903 9.2/RPMS/libqt3-devel-3.1.2-15.4.92mdk.i586.rpm
d727939706c9ce02da6b6d571f8385ba 9.2/RPMS/libqt3-mysql-3.1.2-15.4.92mdk.i586.rpm
9c375f83090adb8dde8600c1a4efa78c 9.2/RPMS/libqt3-odbc-3.1.2-15.4.92mdk.i586.rpm
5d957b60606594817142e5266eacbefe 9.2/RPMS/libqt3-psql-3.1.2-15.4.92mdk.i586.rpm
62aca38f15c5fb48505ddd9090d34cf5 9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.i586.rpm
13f5e3b7863e05c37cdf2a696aac870f 9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.i586.rpm
94edf3bf024e2fd75009a81101ec594b 9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
94a17b47ecffd42bce0adac5d84e47ad amd64/9.2/RPMS/lib64qt3-3.1.2-15.4.92mdk.amd64.rpm
c16857f3695c52ddc9b8128200d459f4 amd64/9.2/RPMS/lib64qt3-devel-3.1.2-15.4.92mdk.amd64.rpm
48f7ddd93ca67c1abe158d07fb45633d amd64/9.2/RPMS/lib64qt3-mysql-3.1.2-15.4.92mdk.amd64.rpm
068ae44a1df137a5c03f34ee0a708a58 amd64/9.2/RPMS/lib64qt3-odbc-3.1.2-15.4.92mdk.amd64.rpm
028ab20a009637885e78542c9724a027 amd64/9.2/RPMS/lib64qt3-psql-3.1.2-15.4.92mdk.amd64.rpm
2827dfd029093b8c2564d23750642c1d amd64/9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.amd64.rpm
9b360daab6dfc57a15d6ad0e6dff8f35 amd64/9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.amd64.rpm
94edf3bf024e2fd75009a81101ec594b amd64/9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
