Sicherheit: Pufferüberläufe in qt3

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-51
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 15 Oct 2007
Last revised: 15 Oct 2007

Package: qt3

Summary: Multiple format string vulnerabilities

More information:
Qt is a complete and well-designed multi-platform object-oriented
framework for developing graphical user interface (GUI) applications using
C++.

Remote attackers to execute arbitrary code via format string specifiers in
text used to compose an error message.

Impact:
These vulnerabilities may allow remote attackers to execute arbitrary code
.

Affected Products:

- wizpy
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal

<wizpy>

Source Packages
Size: MD5

qt3-3.3.4-17.src.rpm
14669346 ddebe970cacc32afab785d267ab2403c

Binary Packages
Size: MD5

qt3-3.3.4-17.i386.rpm
5484453 983f20fbce3b80a40cbd6340ceb62e3a

<Turbolinux FUJI>

Source Packages
Size: MD5

qt3-3.3.4-17.src.rpm
14669346 cbe5a35b4aa22b06f0b8817862443d32

Binary Packages
Size: MD5

qt3-3.3.4-17.i686.rpm
6467181 0388a33fd26cb5c85e8f54eee88bc823
qt3-devel-3.3.4-17.i686.rpm
3730896 f6e22573ce444827367564a6db04282a
qt3-doc-3.3.4-17.i686.rpm
8072628 174aca0a75390eb2747ec21a75d87b25
qt3-examples-3.3.4-17.i686.rpm
4005990 a8914d510bede1ce79dcebc8be717e94
qt3-sql-ODBC-3.3.4-17.i686.rpm
51433 7dae79ee0378df8face0f1c7c7d2f844
qt3-sql-MySQL-3.3.4-17.i686.rpm
32498 cbc85ed7df80cdb5b9b45695217251ae
qt3-sql-postgresql-3.3.4-17.i686.rpm
40144 289504f51cf7ea45e360ce078a13efa7
qt3-tools-3.3.4-17.i686.rpm
2120682 e5e93bc5689340dac806fde7eda6fed6

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

qt3-3.2.3-18.src.rpm
14032474 64a63e1b52a4ed36dfed4c32db7f2384

Binary Packages
Size: MD5

qt3-3.2.3-18.x86_64.rpm
5805315 3098d0134a622d0fec0eeb002369c360
qt3-devel-3.2.3-18.x86_64.rpm
3088189 2b0424447fbde1e59eb12fb09edff3fd
qt3-tools-3.2.3-18.x86_64.rpm
2048360 93ba7098f267ece9e2a98f0448f1f20b

<Turbolinux 10 Server>

Source Packages
Size: MD5

qt3-3.2.3-18.src.rpm
14032474 7b0d0862485b38cb69059559ff3457a6

Binary Packages
Size: MD5

qt3-3.2.3-18.i586.rpm
5482313 edea39c910925faa1a64e76eaf164ea9
qt3-devel-3.2.3-18.i586.rpm
3022405 758cc01512a2b49cae16f657c0706aae
qt3-tools-3.2.3-18.i586.rpm
1966476 222e5910394e7a917d830c145a2b092b

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

qt3-3.2.3-18.src.rpm
14109409 147c53bfd0ac4087f23382c476a45c00

Binary Packages
Size: MD5

qt3-3.2.3-18.i586.rpm
5452603 b691bd185be48de26b9d2f8d52089954
qt3-devel-3.2.3-18.i586.rpm
3017666 3d48d8db8e7c3d173391ddbfcc7ed345
qt3-tools-3.2.3-18.i586.rpm
1957141 dc215210a7826b7431e4eff598a242dc

References:

CVE
[CVE-2007-3388]
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
[CVE-2007-4137]
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137

--------------------------------------------------------------------------
Revision History
15 Oct 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHE0lhK0LzjOqIJMwRAqTOAJ9N5guAF1rA5EMYVmieRoTC2iCghwCeNOV0
dkG5/nyO06TM09Z0cKJElEs=
=JfNx
-----END PGP SIGNATURE-----