Sicherheit: Cross-Site Scripting in qt3

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-30
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 30 May 2007
Last revised: 30 May 2007

Package: qt3

Summary: Remote attackers to conduct cross-site scripting

More information:
Qt is a complete and well-designed multi-platform object-oriented
framework for developing graphical user interface (GUI) applications using
C++.

The UTF-8 decoder does not reject long UTF-8 sequences as required by the
standard, which allows remote attackers to conduct cross-site scripting
(XSS).

Impact:
These vulnerabilities may allow remote attackers to conduct cross-site
scripting.

Affected Products:
- wizpy
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal

<wizpy>

Source Packages
Size: MD5

qt3-3.3.4-15.src.rpm
14666626 9063eeac05009088b88c51dd079f7111

Binary Packages
Size: MD5

qt3-3.3.4-15.i386.rpm
5484270 37bbfb37e293059476e4b0270b89f468

<Turbolinux FUJI>

Source Packages
Size: MD5

qt3-3.3.4-15.src.rpm
14666626 8cd492bc6c6ddab7b422e05505e77168

Binary Packages
Size: MD5

qt3-3.3.4-15.i686.rpm
6473161 7d3b4ccd5edd83879be14eb4da7a6d95
qt3-devel-3.3.4-15.i686.rpm
3731720 fad6658678901411d0610888929988fd
qt3-doc-3.3.4-15.i686.rpm
8073294 96bf5ad806b6f0f459144b2b9c83d119
qt3-examples-3.3.4-15.i686.rpm
4005249 87649fdc9af77b407bf9b101b587d81a
qt3-sql-MySQL-3.3.4-15.i686.rpm
32329 25343d46adae98179f66fdffeee94ea9
qt3-sql-ODBC-3.3.4-15.i686.rpm
51265 4e37a8c6dbb5db328af3a42ba35ff5c3
qt3-sql-postgresql-3.3.4-15.i686.rpm
39982 5e2fb1a9aaa160430875a561ecbf9a33
qt3-tools-3.3.4-15.i686.rpm
2120501 4e94276ccffdc69ed7a983a421d7416a

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

qt3-3.2.3-16.src.rpm
14029902 7b88118a98e049863b1cad36f59f96c9

Binary Packages
Size: MD5

qt3-3.2.3-16.x86_64.rpm
5806091 9eda431f38bd31a7d76c3bd083776645
qt3-devel-3.2.3-16.x86_64.rpm
3088475 646510f33c8a30a19a34ee227eef003d
qt3-tools-3.2.3-16.x86_64.rpm
2047351 1c129b53f957777602ba04e5547fa1a4

<Turbolinux 10 Server>

Source Packages
Size: MD5

qt3-3.2.3-16.src.rpm
14029902 a10e55b47761425a609bc8fe23728dd6

Binary Packages
Size: MD5

qt3-3.2.3-16.i586.rpm
5481646 2e734f70d48deaef927485f17b8bda49
qt3-devel-3.2.3-16.i586.rpm
3021954 0a6f26c773a125dc2f65f8b7ab891acd
qt3-tools-3.2.3-16.i586.rpm
1966388 36b4d6428abb370a13b8d4c4c94d1f5f

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

qt3-3.2.3-16.src.rpm
14029902 c37790b9c4dbe9bd28830fea60455c89

Binary Packages
Size: MD5

qt3-3.2.3-16.i586.rpm
5453301 b99a5ee9f9127c059e6cd9516ef72276
qt3-devel-3.2.3-16.i586.rpm
3017176 aea7742bc5a6d9f67993e15350396a6f
qt3-tools-3.2.3-16.i586.rpm
1957569 02c2706e841ac61b82c53d3db78b123d

References:

CVE
[CVE-2007-0242]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

--------------------------------------------------------------------------
Revision History
30 May 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGXP8rK0LzjOqIJMwRAuknAJ93p/nuKWIbXhPI9+Y17oGi+6qMHwCfR/S3
UjDxZ9UOngTrQDmg9PI6zfs=
=L2Qp
-----END PGP SIGNATURE-----