Security: Multiple issues in Qt

Name: Multiple issues in Qt
ID: USN-1504-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 11.04
Date: Thu, 12 July 2012, 07:38
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3194
Applications: Qt

Original message
==========================================================================
Ubuntu Security Notice USN-1504-1
July 11, 2012

qt4-x11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Qt Applications could be made to crash or run programs as your login if they opened specially crafted files.
Software Description:
- qt4-x11: transitional package for Qt 4 assistant module
Details:
It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-5076)
A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3193)
It was discovered that Qt did not properly handle greyscale TIFF images. If a Qt application could be made to process a crafted TIFF file, an attacker could cause a denial of service. (CVE-2011-3194)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04:
  libqt4-network 4:4.7.2-0ubuntu6.4
  libqtgui4 4:4.7.2-0ubuntu6.4
Ubuntu 10.04 LTS:
  libqt4-network 4:4.6.2-0ubuntu5.4
  libqtgui4 4:4.6.2-0ubuntu5.4
After a standard system update you need to restart your session to make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-1504-1
  CVE-2010-5076, CVE-2011-3193, CVE-2011-3194
Package Information:
  https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.2-0ubuntu6.4
  https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubuntu5.4