Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Qt
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Qt
ID: FEDORA-2015-6573
Distribution: Fedora
Plattformen: Fedora 20
Datum: Sa, 2. Mai 2015, 10:46
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860

Originalnachricht

Name        : qt3
Product : Fedora 20
Version : 3.3.8b
Release : 63.fc20
URL : http://www.troll.no
Summary : The shared library for the Qt 3 GUI toolkit
Description :
Qt is a GUI software toolkit which simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications
for the X Window System.

Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run Qt 3
applications, as well as the README files for Qt 3.

-------------------------------------------------------------------------------
-
Update Information:

This update fixes CVE-2015-1860, a buffer overflow when loading some specific
invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4.

(Please note that Qt 3 is NOT vulnerable to the simultaneously published issues
CVE-2015-1858 and CVE-2015-1859.)
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Apr 21 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.3.8b-63
- backport CVE-2015-1860 (GIF handler buffer overflow, #1210675) fix from Qt 4
* Sat Feb 28 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.3.8b-62
- backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4
* Fri Feb 27 2015 Rex Dieter <rdieter@fedoraproject.org> 3.3.8b-61
- rebuild (gcc5)
* Sun Aug 17 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.3.8b-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.3.8b-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 29 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.3.8b-58
- backport CVE-2014-0190 (GIF image handler DoS, QTBUG-38367) fix from Qt 4
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1210675 - CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1210675
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update qt3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung