Security Advisory qt security update

Advisory: RHSA-2004:414-19
Type: Security Advisory
Severity: Important
Issued on: 2004-08-20
Last updated on: 2004-08-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0691
CVE-2004-0692
CVE-2004-0693

Details

Updated qt packages that fix security issues in several of the image
decoders are now available.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

During a security audit, Chris Evans discovered a heap overflow in the BMP
image decoder in Qt versions prior to 3.3.3. An attacker could create a
carefully crafted BMP file in such a way that it would cause an application
linked with Qt to crash or possibly execute arbitrary code when the file
was opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0691 to this issue.

Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create carefully
crafted image files in such a way that it could cause an application linked
against Qt to crash when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0692 and CAN-2004-0693 to these issues.

Users of Qt should update to these updated packages which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883		     f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     7e9621c8793aeece8c6697a301fdaf85
 
x86_64:
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
qt-2.3.1-10.src.rpm     3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     08a3108d33c0391926515c8831e80e32
 
IA-64:
qt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     7a5212ecdd3bdfd6e7c22430cab707ca
qt-Xt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     163badec57860c0751ee49a74a863197
qt-designer-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     62890a5783dea02beb1bd19e2c2b9476
qt-devel-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     4dc9f6a9177f16561371b41701cc8ca3
qt-static-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     f5bb921423a761d4412a45d8407960e9
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883		     f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     c93acbc881f899cbd944f74c2710c1dd
 
PPC:
qt-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883		     342ed7861c4723143f22841155837163
qt-MySQL-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883		     f95779e3c785a8ca620b795a50c3a2b7
qt-config-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883		     d89c0631d249d3596cb0b7f3715d8c71
qt-designer-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883		     b5c58797337ec1c953a127d145241d70
qt-devel-3.1.2-13.4.ppc.rpm
File outdated by:  RHSA-2007:0883		     4138557b0f597ede980c64e4e74debd3
 
s390:
qt-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883		     57951d45d98f46fe6f2326b16f23ea1b
qt-MySQL-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883		     98b7677e8b7fa4d84583cfe8e92a91f4
qt-config-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883		     b9f50cd8f014e9e39249dbfbe17b1398
qt-designer-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883		     2c140a0776e2ce98c273b7e628d86d23
qt-devel-3.1.2-13.4.s390.rpm
File outdated by:  RHSA-2007:0883		     5e23428d4621c10ca60bf29d7d2a6ed7
 
s390x:
qt-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883		     8f95df939142d43f0078f5a770850bb2
qt-MySQL-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883		     5cc08910b564eed93b3f78c05261a176
qt-config-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883		     73c6e602b9a45864a82d16314deba9c0
qt-designer-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883		     eae10bfa4b34cfbfd29f09e4d7368728
qt-devel-3.1.2-13.4.s390x.rpm
File outdated by:  RHSA-2007:0883		     fff3b6f404743fa76b5ba21f3a18e20d
 
x86_64:
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
qt-2.3.1-10.src.rpm     3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     08a3108d33c0391926515c8831e80e32
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883		     f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     c93acbc881f899cbd944f74c2710c1dd
 
x86_64:
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     814f662f0561c1dc07cb60a287487494
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
qt-2.3.1-10.src.rpm     3b684906082e180dddd38404dca633f4
 
IA-32:
qt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     4abae89892524349c1413e9edfe1c580
qt-Xt-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f8a7bc552d89a93c8de95d31bbf3fb6c
qt-designer-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     ba3283b0ecab676ca709746c7b9aad17
qt-devel-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     f9542947d96f0a40694026bddc6088b3
qt-static-2.3.1-10.i386.rpm
File outdated by:  RHSA-2007:0883		     08a3108d33c0391926515c8831e80e32
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
qt-3.1.2-13.4.src.rpm
File outdated by:  RHSA-2007:0883		     f798532e2259e3027eb64a86f471c989
 
IA-32:
qt-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     171e31325a6974fe6b3161b0dd935e05
qt-MySQL-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     53450013bb108936c88d7a68797400b5
qt-config-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     c5372ac10529b611504c48fd1876d32a
qt-designer-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     dde05008907a4402aeec64bd1fef25d8
qt-devel-3.1.2-13.4.i386.rpm
File outdated by:  RHSA-2007:0883		     7e9621c8793aeece8c6697a301fdaf85
 
IA-64:
qt-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0162f98d41303ed47435fd634a49aa16
qt-MySQL-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     83f81146ad6ff84575f221104e109a10
qt-config-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     0b81a3f2c8ab00775d533c30129fe314
qt-designer-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     d7ff6cb677ea02273909f44018a4de02
qt-devel-3.1.2-13.4.ia64.rpm
File outdated by:  RHSA-2007:0883		     c93acbc881f899cbd944f74c2710c1dd
 
x86_64:
qt-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     24fbbe3a8cc3a9636e64cbecb62c52c1
qt-MySQL-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     b4ca1ae5a331c4d30d75d2dcd1e53280
qt-config-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     a684d66936b37ed87281ce2f8a49448b
qt-designer-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     d945dc65e4120b87f0fa6c0a77c129ee
qt-devel-3.1.2-13.4.x86_64.rpm
File outdated by:  RHSA-2007:0883		     814f662f0561c1dc07cb60a287487494
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
qt-2.3.1-10.src.rpm     3b684906082e180dddd38404dca633f4
 
IA-64:
qt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     7a5212ecdd3bdfd6e7c22430cab707ca
qt-Xt-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     163badec57860c0751ee49a74a863197
qt-designer-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     62890a5783dea02beb1bd19e2c2b9476
qt-devel-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     4dc9f6a9177f16561371b41701cc8ca3
qt-static-2.3.1-10.ia64.rpm
File outdated by:  RHSA-2007:0883		     f5bb921423a761d4412a45d8407960e9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

128720 - CAN-2004-0691 BMP decoder heap overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0693
http://www.trolltech.com/developer/changes/changes-3.3.3.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/