
Security Advisory: qt security update

Advisory: RHSA-2004:414-19
Type: Security Advisory
Severity: Important
Issued on: 2004-08-20
Last updated on: 2004-08-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0691
CVE-2004-0692
CVE-2004-0693

Details

Updated qt packages that fix security issues in several of the image
decoders are now available.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

During a security audit, Chris Evans discovered a heap overflow in the BMP
image decoder in Qt versions prior to 3.3.3. An attacker could create a
carefully crafted BMP file in such a way that it would cause an application
linked with Qt to crash or possibly execute arbitrary code when the file
was opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0691 to this issue.

Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create carefully
crafted image files in such a way that they could cause an application linked
against Qt to crash when a file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0692 and CAN-2004-0693 to these issues.

Users of Qt should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
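
A post-update check, added here as an example and not part of the Red Hat advisory: it compares an installed qt version-release against the fixed builds listed under Updated packages (qt-3.1.2-13.4 and qt-2.3.1-10). The function names, the sample lines and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```bash
#!/usr/bin/env bash
# Added example: report whether an installed qt build is at or above the
# fixed version-release named in this advisory's package lists.

FIXED_V3="3.1.2-13.4"   # Red Hat Desktop 3, Enterprise Linux AS/ES/WS 3
FIXED_V21="2.3.1-10"    # Enterprise Linux AS/ES/WS 2.1, Advanced Workstation 2.1

# ver_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU `sort -V` approximates rpm's version comparison, which is
# adequate for plain numeric strings such as the ones above.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# qt_status VERSION-RELEASE: prints patched, vulnerable or unknown.
# The Qt major version selects the fixed build (2.x on the 2.1 products,
# 3.x on the v. 3 products).
qt_status() {
    case "$1" in
        2.*) fixed="$FIXED_V21" ;;
        3.*) fixed="$FIXED_V3" ;;
        *)   echo "unknown"; return 0 ;;
    esac
    if ver_ge "$1" "$fixed"; then echo "patched"; else echo "vulnerable"; fi
}

# report: reads "name version-release" lines on stdin, one verdict per line.
report() {
    while read -r name vr; do
        printf '%s-%s: %s\n' "$name" "$vr" "$(qt_status "$vr")"
    done
}

# Constructed sample input, in the shape produced by
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' qt
SAMPLE='qt 3.1.2-11
qt 3.1.2-13.4
qt 2.3.1-8'

printf '%s\n' "$SAMPLE" | report

# On a real host, pipe the rpm query above into report. Before a manual
# install, `rpm --checksig <package>.rpm` checks the file's digests and
# GPG signature.
```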

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7e9621c8793aeece8c6697a301fdaf85
 
x86_64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
qt-2.3.1-10.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: 3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 08a3108d33c0391926515c8831e80e32
 
IA-64:
qt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7a5212ecdd3bdfd6e7c22430cab707ca
qt-Xt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 163badec57860c0751ee49a74a863197
qt-designer-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 62890a5783dea02beb1bd19e2c2b9476
qt-devel-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4dc9f6a9177f16561371b41701cc8ca3
qt-static-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: f5bb921423a761d4412a45d8407960e9
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: c93acbc881f899cbd944f74c2710c1dd
 
PPC:
qt-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883
    MD5: 342ed7861c4723143f22841155837163
qt-MySQL-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883
    MD5: f95779e3c785a8ca620b795a50c3a2b7
qt-config-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883
    MD5: d89c0631d249d3596cb0b7f3715d8c71
qt-designer-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883
    MD5: b5c58797337ec1c953a127d145241d70
qt-devel-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4138557b0f597ede980c64e4e74debd3
 
s390:
qt-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: 57951d45d98f46fe6f2326b16f23ea1b
qt-MySQL-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: 98b7677e8b7fa4d84583cfe8e92a91f4
qt-config-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: b9f50cd8f014e9e39249dbfbe17b1398
qt-designer-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: 2c140a0776e2ce98c273b7e628d86d23
qt-devel-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: 5e23428d4621c10ca60bf29d7d2a6ed7
 
s390x:
qt-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883
    MD5: 57951d45d98f46fe6f2326b16f23ea1b
qt-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883
    MD5: 8f95df939142d43f0078f5a770850bb2
qt-MySQL-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883
    MD5: 5cc08910b564eed93b3f78c05261a176
qt-config-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883
    MD5: 73c6e602b9a45864a82d16314deba9c0
qt-designer-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883
    MD5: eae10bfa4b34cfbfd29f09e4d7368728
qt-devel-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883
    MD5: fff3b6f404743fa76b5ba21f3a18e20d
 
x86_64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
qt-2.3.1-10.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: 3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 08a3108d33c0391926515c8831e80e32
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: c93acbc881f899cbd944f74c2710c1dd
 
x86_64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
qt-2.3.1-10.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: 3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 08a3108d33c0391926515c8831e80e32
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: c93acbc881f899cbd944f74c2710c1dd
 
x86_64:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883
    MD5: 171e31325a6974fe6b3161b0dd935e05
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 814f662f0561c1dc07cb60a287487494
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
qt-2.3.1-10.src.rpm
File outdated by:  RHSA-2007:0883
    MD5: 3b684906082e180dddd38404dca633f4
 
IA-64:
qt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 7a5212ecdd3bdfd6e7c22430cab707ca
qt-Xt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 163badec57860c0751ee49a74a863197
qt-designer-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 62890a5783dea02beb1bd19e2c2b9476
qt-devel-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: 4dc9f6a9177f16561371b41701cc8ca3
qt-static-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883
    MD5: f5bb921423a761d4412a45d8407960e9
 

Bugs fixed (see bugzilla for more information)

128720 - CAN-2004-0691 BMP decoder heap overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/