Date: Tue, 03 Apr 2007 19:34:27 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:074
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : qt3
 Date    : April 3, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does
 not reject overlong sequences, which can cause "/../" injection or
 (in the case of konqueror) a "<script>" tag injection.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGEtZhmqjQ0CJFipgRAkO7AJ4kVAUk9mSGwasGtZloaWDYd2Ge7wCgi2n7
lg3qQ1gjNo5R1ziZQNpcxW4=
=8Cuq
-----END PGP SIGNATURE-----
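
The overlong-sequence check named in the problem description, as an added example that is not part of the advisory and is neither Qt's code nor Mandriva's patch. The function names, the `strict` flag and the sample bytes are constructed for illustration; `strict == 0` models a decoder that omits the check, `strict == 1` is the hardened form.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Smallest code point that legitimately needs an n-byte sequence (RFC 3629). */
static const uint32_t MIN_CP[5] = { 0, 0x00, 0x80, 0x800, 0x10000 };
/* Constructed sample: 'a', the overlong two-byte form of U+002F, 'b'. */
static const unsigned char SAMPLE[4] = { 'a', 0xC0, 0xAF, 'b' };

/* Decode one sequence from s[0..len). Returns bytes consumed and stores the
 * code point in *cp, or returns -1 on malformed input. */
int utf8_decode(const unsigned char *s, size_t len, int strict, uint32_t *cp)
{
    int n;
    uint32_t v;
    if (len == 0) return -1;
    if (s[0] < 0x80)                { n = 1; v = s[0]; }
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; v = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; v = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; v = s[0] & 0x07; }
    else return -1;                     /* stray continuation or bad lead byte */
    if ((size_t)n > len) return -1;     /* truncated sequence */
    for (int i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return -1;
        v = (v << 6) | (s[i] & 0x3F);
    }
    /* Hardened path: reject overlong forms, surrogates, out-of-range values. */
    if (strict && (v < MIN_CP[n] || (v >= 0xD800 && v <= 0xDFFF) || v > 0x10FFFF))
        return -1;
    *cp = v;
    return n;
}

/* 1 if the decoded text contains '/', 0 if not, -1 if the input is malformed. */
int decoded_has_slash(const unsigned char *s, size_t len, int strict)
{
    int found = 0;
    for (size_t i = 0; i < len; ) {
        uint32_t cp;
        int n = utf8_decode(s + i, len - i, strict, &cp);
        if (n < 0) return -1;
        if (cp == 0x2F) found = 1;
        i += (size_t)n;
    }
    return found;
}

int main(void) {
    printf("lenient=%d strict=%d\n", decoded_has_slash(SAMPLE, 4, 0), decoded_has_slash(SAMPLE, 4, 1));
    return 0;
}
```

The sample contains no 0x2F byte, so a filter applied to the raw bytes before decoding sees nothing to block, while the lenient decoder still produces a '/'.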
