Security: Multiple issues in Qt
Name: Multiple issues in Qt
ID: USN-1504-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 11.04
Date: Thu, 12 July 2012, 07:38
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3194
Applications: Qt

Original message


==========================================================================
Ubuntu Security Notice USN-1504-1
July 11, 2012

qt4-x11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Qt applications could be made to crash or run programs as your login if
they opened specially crafted files.

Software Description:
- qt4-x11: transitional package for Qt 4 assistant module

Details:

It was discovered that Qt did not properly handle wildcard domain names or
IP addresses in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a man-in-the-middle attack to view sensitive
information or alter encrypted communications. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-5076)

A heap-based buffer overflow was discovered in the HarfBuzz module. If a
user were tricked into opening a crafted font file in a Qt application,
an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2011-3193)

It was discovered that Qt did not properly handle greyscale TIFF images.
If a Qt application could be made to process a crafted TIFF file, an
attacker could cause a denial of service. (CVE-2011-3194)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libqt4-network 4:4.7.2-0ubuntu6.4
libqtgui4 4:4.7.2-0ubuntu6.4

Ubuntu 10.04 LTS:
libqt4-network 4:4.6.2-0ubuntu5.4
libqtgui4 4:4.6.2-0ubuntu5.4

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1504-1
CVE-2010-5076, CVE-2011-3193, CVE-2011-3194

Package Information:
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.2-0ubuntu6.4
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubuntu5.4


