Moderate: qt4 security update
| Advisory: | RHSA-2011:1324-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2011-09-21 |
| Last updated on: | 2011-09-21 |
| Affected Products: | RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client) |
| CVEs (cve.mitre.org): | CVE-2007-0242, CVE-2011-3193 |
Details
Updated qt4 packages that fix two security issues are now available for Red
Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Qt 4 is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to
prevent a Qt 4 based application from properly sanitizing user input.
Depending on the application, this could allow an attacker to perform
directory traversal, or for web applications, a cross-site scripting (XSS)
attack. (CVE-2007-0242)
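
An added illustration of the CVE-2007-0242 class of flaw, which the CVE entry describes as the UTF-8 decoder accepting over-long sequences (this is not code from Qt or from this advisory). It contrasts a decoder that only does the bit arithmetic with one that enforces shortest-form encoding; the function names and the sample bytes are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Decode UTF-8 into code points. With strict=false only the bit arithmetic is
// done (the flawed behaviour). With strict=true the shortest-form rule is
// enforced and surrogates and values above U+10FFFF are rejected.
bool decode_utf8(const std::vector<uint8_t>& in, bool strict, std::u32string& out) {
    static const char32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    out.clear();
    for (size_t i = 0; i < in.size();) {
        uint8_t b = in[i];
        size_t len; char32_t cp;
        if (b < 0x80)                { len = 1; cp = b; }
        else if ((b & 0xE0) == 0xC0) { len = 2; cp = b & 0x1F; }
        else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; }
        else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; }
        else return false;                        // stray continuation or bad lead byte
        if (len > in.size() - i) return false;    // truncated sequence
        for (size_t k = 1; k < len; ++k) {
            if ((in[i + k] & 0xC0) != 0x80) return false;
            cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        if (strict && (cp < min_cp[len] || cp > 0x10FFFF ||
                       (cp >= 0xD800 && cp <= 0xDFFF)))
            return false;                         // over-long, out of range, or surrogate
        out.push_back(cp);
        i += len;
    }
    return true;
}

// Constructed sample: '.', '.', then the two-byte over-long form of U+002F.
const std::vector<uint8_t> kSample = {0x2E, 0x2E, 0xC0, 0xAF};

// A byte-level sanitizer that runs before decoding finds no 0x2F in the sample.
bool raw_bytes_contain_slash(const std::vector<uint8_t>& in) {
    for (uint8_t b : in) if (b == '/') return true;
    return false;
}

int main() {
    std::u32string s;
    bool lenient_yields_slash = decode_utf8(kSample, false, s) && s == U"../";
    bool strict_rejects = !decode_utf8(kSample, true, s);
    return (!raw_bytes_contain_slash(kSample) && lenient_yields_slash && strict_rejects) ? 0 : 1;
}
```

The same reasoning is why input checks belong after decoding, on the decoded code points, rather than on the raw bytes.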

A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user
loaded a specially-crafted font file with an application linked against Qt
4, it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

Users of Qt 4 should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt 4 libraries must be restarted for this update to take effect.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| RHEL Desktop Workstation (v. 5 client) | |
|---|---|
| SRPMS: | |
| qt4-4.2.1-1.el5_7.1.src.rpm | MD5: e3088758d5f767383128937b87aab8f2 SHA-256: a9d1accb772b0d982b12033670e32017007eb2bc0ea34c9332077275aa0bc245 |
| IA-32: | |
| qt4-devel-4.2.1-1.el5_7.1.i386.rpm | MD5: 008a30773beaa1ddba838605ae4c2227 SHA-256: 293cec387ccf4e3afe6d655beb8ad3d0cbadeae46a80907ac34f34abbdfb4933 |
| x86_64: | |
| qt4-devel-4.2.1-1.el5_7.1.i386.rpm | MD5: 008a30773beaa1ddba838605ae4c2227 SHA-256: 293cec387ccf4e3afe6d655beb8ad3d0cbadeae46a80907ac34f34abbdfb4933 |
| qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm | MD5: c8146546e65013f59d3fa8aed40bca98 SHA-256: 96a1fe77864f4e7b752ca7745669d3bb08f18eee92dcffb57bf65306337d5ada |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| qt4-4.2.1-1.el5_7.1.src.rpm | MD5: e3088758d5f767383128937b87aab8f2 SHA-256: a9d1accb772b0d982b12033670e32017007eb2bc0ea34c9332077275aa0bc245 |
| IA-32: | |
| qt4-4.2.1-1.el5_7.1.i386.rpm | MD5: 84174670d95b63931c75aede7b05ef9f SHA-256: 9d9f580ff6b5cd9fd2cb1a1a234c6ee67436f93ff89b5ce7f0a32bae441d15e2 |
| qt4-devel-4.2.1-1.el5_7.1.i386.rpm | MD5: 008a30773beaa1ddba838605ae4c2227 SHA-256: 293cec387ccf4e3afe6d655beb8ad3d0cbadeae46a80907ac34f34abbdfb4933 |
| qt4-doc-4.2.1-1.el5_7.1.i386.rpm | MD5: 0fa23710960b7c7f99878717855a5d16 SHA-256: df26a2bc8dcb3d0bb4a0b165199433a0ba3303232725131b04cfdb8ecdcffdaf |
| qt4-mysql-4.2.1-1.el5_7.1.i386.rpm | MD5: 2a07cfe4e2337c64314e37824cd16892 SHA-256: 01c12f0f1fdc36d5887e6096716e06bc6c0e7f173a3e9108815bedad0eaff3c7 |
| qt4-odbc-4.2.1-1.el5_7.1.i386.rpm | MD5: eed53158dfd74014ba993fc7209ec531 SHA-256: 69e18b14344ea640413b6eec766ffa802fe9f055ba62dc03538f13ad7d0e6e63 |
| qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm | MD5: 00cbedca3e9ef8cc69ff00ad63499f10 SHA-256: 13dd215b84ce35cad6faee9e2af25c52a197b59436742fad2abc4c8a9cabeba6 |
| qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm | MD5: 5ed8b10ed5aa864d54797f1b6cde0d56 SHA-256: 0e8448eef0fa3e93e5ead40a3f40a18070ba62b79908ef253f190438691ae0b7 |
| IA-64: | |
| qt4-4.2.1-1.el5_7.1.ia64.rpm | MD5: cabe5a853d13ae057f5726786896470f SHA-256: 787a18cf5db2a8d476130c74c530ca5c28c9ba54b2a360c9badfbd8218f5b38b |
| qt4-devel-4.2.1-1.el5_7.1.ia64.rpm | MD5: c279353bf778c2a8916765a596c4d758 SHA-256: e8d9d54999cd851b59aab9f771fbd46363f20a59c28427f00f82ab6ff38ae061 |
| qt4-doc-4.2.1-1.el5_7.1.ia64.rpm | MD5: 81f6f46f45f02d7905b64dc39b3eba75 SHA-256: 989be555c04cc97c55628e0750efc944673739f58c132058c97f63a73747af5b |
| qt4-mysql-4.2.1-1.el5_7.1.ia64.rpm | MD5: c9bd1b768126a8514914fd23af3464d4 SHA-256: 4a98b55b21cc80b560bf25bd86afbd55396c533adcef43154e6d0179fa2c783e |
| qt4-odbc-4.2.1-1.el5_7.1.ia64.rpm | MD5: 78f8f32ca18f509ba0999404a960b092 SHA-256: a7c3b4979f9f51a3f0d90179ef49fb25625fb3b8d294c89bc230043b2cbb685a |
| qt4-postgresql-4.2.1-1.el5_7.1.ia64.rpm | MD5: 865b1d799d59bbebc0daced0c7ab3279 SHA-256: 0de6ca910f63c12b0116821159e5973b78de85f54745a507b3f2926b5b41f0ef |
| qt4-sqlite-4.2.1-1.el5_7.1.ia64.rpm | MD5: 900287afa4a48e43aa806c6be4e2ebc9 SHA-256: f811899174933c0118337f48f7763a0a1660fad741cc1169b0f9f000187e4d1d |
| PPC: | |
| qt4-4.2.1-1.el5_7.1.ppc.rpm | MD5: 979ce4f11843bb0318ffeaf2b3ef3dca SHA-256: 46fa8334064ae777bc88cd4ebd5059b1ad17313d5fd07a49c781c198ac96bee2 |
| qt4-4.2.1-1.el5_7.1.ppc64.rpm | MD5: 3ffe94717de31cd02a784232704b4f9c SHA-256: 0fb6f1ed2c9fb6af61987cafa196d8d834421a5de3281a5cf0336e9827670414 |
| qt4-devel-4.2.1-1.el5_7.1.ppc.rpm | MD5: edc07f00689336aacb0340d6b7e48d75 SHA-256: 81de954dcf6d08d1c353c4f15ea8a6495e48220b84c051c418a399db8ba4297c |
| qt4-devel-4.2.1-1.el5_7.1.ppc64.rpm | MD5: d3151433b4ade5eca553c62471c97a3e SHA-256: a4be93bc996c08a38d2a45aa03d726c20fd489333cb1a4e0ec18d9612e7d4cd5 |
| qt4-doc-4.2.1-1.el5_7.1.ppc.rpm | MD5: c8778a2e014a0241cf4ef87231cc3403 SHA-256: 465becfc6609d3caef10edd5a4ee90d5d4c4e8db23ac9ee20d0afd8d3f01ffaa |
| qt4-mysql-4.2.1-1.el5_7.1.ppc.rpm | MD5: f85d9cb38e36a6b935345b577a861be5 SHA-256: e2f75f12a4efd389a94ebd6aeb4eb4237c3713b946d1618383f136a069e5df79 |
| qt4-odbc-4.2.1-1.el5_7.1.ppc.rpm | MD5: 89c50bf5ec9cb8bd232736caca3686b1 SHA-256: 4324257fb65f17c380d60c19020c06bd939b7864380eaa64a40e7d9364ef4b3c |
| qt4-postgresql-4.2.1-1.el5_7.1.ppc.rpm | MD5: 3debacec90685ef1c62465b4c05e5db8 SHA-256: 9a0632191faf44039189d153f5f8b4726765af356e855fab4060c95c903d0e57 |
| qt4-sqlite-4.2.1-1.el5_7.1.ppc.rpm | MD5: 19b185512d8a73fc31f6794d9982e833 SHA-256: 7a205c322e2ab533cca60bc551547a4218bc5a377645e0d8f3780c20899e61a4 |
| s390x: | |
| qt4-4.2.1-1.el5_7.1.s390.rpm | MD5: 73b623e0a2ff5dc9d8fea610f213af20 SHA-256: fbacdb4f2d174bc8d75b3f331a90db1a4f828e7120cabf2a018bdf7bef6d3242 |
| qt4-4.2.1-1.el5_7.1.s390x.rpm | MD5: 69d89f942aee56e7a694d0579b2b86b5 SHA-256: 4b5f59539923a35f84a2b850e6997b1315061d2d129bdac09e550fa685ce7e38 |
| qt4-devel-4.2.1-1.el5_7.1.s390.rpm | MD5: 277c92e980594c8239bec8118bcaa754 SHA-256: 60f7b86c571544d3f146152ab4142df95837f85eefc0b8e2cd5b9bc8b3d27f0e |
| qt4-devel-4.2.1-1.el5_7.1.s390x.rpm | MD5: b78a18760ed8e918fd4cf44ae73d5206 SHA-256: bfa36e03c135e6f75ab79fabfba2bd6c3c2eb496b40da5410b275d179b95cd57 |
| qt4-doc-4.2.1-1.el5_7.1.s390x.rpm | MD5: f39f61f40b80e102b4aeb59816ce98bc SHA-256: 9c10b010f393c094aaf28ed4ce62d1c83a3a685a87e88a45e9cd19ced471f576 |
| qt4-mysql-4.2.1-1.el5_7.1.s390x.rpm | MD5: 31a5b3b51e45993ff000c8c4feec9480 SHA-256: 165b755439e2e7fe55ac0351b3076938db622673cbf7d53696411ea9d5362e4e |
| qt4-odbc-4.2.1-1.el5_7.1.s390x.rpm | MD5: e4e97d40cdd38a9458d1bfaa7e27ad83 SHA-256: e25975375bb19db6949bab85b94bbd1ddb37e271a84f8509f671f2bef43e4fce |
| qt4-postgresql-4.2.1-1.el5_7.1.s390x.rpm | MD5: 9d1e715dd67a81984a7adcafbc8c2cc0 SHA-256: 44c4a0dec1a5e897c5357a71a421bb3142f3298ebf868be9fbb7cfda6f3df90a |
| qt4-sqlite-4.2.1-1.el5_7.1.s390x.rpm | MD5: fe85a9b64fac7285979d647e9b7f594b SHA-256: eb45f63122041493df9af5d20e12784deaeb4223b3e8fa1fee9ba242e5605e82 |
| x86_64: | |
| qt4-4.2.1-1.el5_7.1.i386.rpm | MD5: 84174670d95b63931c75aede7b05ef9f SHA-256: 9d9f580ff6b5cd9fd2cb1a1a234c6ee67436f93ff89b5ce7f0a32bae441d15e2 |
| qt4-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 245065a4deded9dc5341c0369b79ff90 SHA-256: 032e15409fe9df0da40ba8434fec561063c23e20322bb9211300e0630592db6d |
| qt4-devel-4.2.1-1.el5_7.1.i386.rpm | MD5: 008a30773beaa1ddba838605ae4c2227 SHA-256: 293cec387ccf4e3afe6d655beb8ad3d0cbadeae46a80907ac34f34abbdfb4933 |
| qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm | MD5: c8146546e65013f59d3fa8aed40bca98 SHA-256: 96a1fe77864f4e7b752ca7745669d3bb08f18eee92dcffb57bf65306337d5ada |
| qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 066d878e2acfd8d15a40901cf3257072 SHA-256: 95c69a4f7e30a12a503da6db40a4df049af0210226c6d8b209088149250a8d88 |
| qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm | MD5: ec38360855259ad7605ed123b0efb592 SHA-256: 7e0509b583ba94e2c8423ae1a163259bfef92f594f447b4c18a49e8bd692dd81 |
| qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 8f89c534dd9a822fe7902a7475b15eca SHA-256: 82200be35fa6046a2ec46076f9fae3548c2cb442165ba563e582648cb2bbcbeb |
| qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 81c2469ee1aae0945feae027fa7571d4 SHA-256: 989689963a98802ab856e29018a11e47cf2434220f7a8ed862de89c54b367d93 |
| qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 2b529dc296013ff9ae7de8e98d95bbc4 SHA-256: afdef5d8c23bcbb634549cc01eea568811ab6a9104c2e5c67405abe0e501c669 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| qt4-4.2.1-1.el5_7.1.src.rpm | MD5: e3088758d5f767383128937b87aab8f2 SHA-256: a9d1accb772b0d982b12033670e32017007eb2bc0ea34c9332077275aa0bc245 |
| IA-32: | |
| qt4-4.2.1-1.el5_7.1.i386.rpm | MD5: 84174670d95b63931c75aede7b05ef9f SHA-256: 9d9f580ff6b5cd9fd2cb1a1a234c6ee67436f93ff89b5ce7f0a32bae441d15e2 |
| qt4-doc-4.2.1-1.el5_7.1.i386.rpm | MD5: 0fa23710960b7c7f99878717855a5d16 SHA-256: df26a2bc8dcb3d0bb4a0b165199433a0ba3303232725131b04cfdb8ecdcffdaf |
| qt4-mysql-4.2.1-1.el5_7.1.i386.rpm | MD5: 2a07cfe4e2337c64314e37824cd16892 SHA-256: 01c12f0f1fdc36d5887e6096716e06bc6c0e7f173a3e9108815bedad0eaff3c7 |
| qt4-odbc-4.2.1-1.el5_7.1.i386.rpm | MD5: eed53158dfd74014ba993fc7209ec531 SHA-256: 69e18b14344ea640413b6eec766ffa802fe9f055ba62dc03538f13ad7d0e6e63 |
| qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm | MD5: 00cbedca3e9ef8cc69ff00ad63499f10 SHA-256: 13dd215b84ce35cad6faee9e2af25c52a197b59436742fad2abc4c8a9cabeba6 |
| qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm | MD5: 5ed8b10ed5aa864d54797f1b6cde0d56 SHA-256: 0e8448eef0fa3e93e5ead40a3f40a18070ba62b79908ef253f190438691ae0b7 |
| x86_64: | |
| qt4-4.2.1-1.el5_7.1.i386.rpm | MD5: 84174670d95b63931c75aede7b05ef9f SHA-256: 9d9f580ff6b5cd9fd2cb1a1a234c6ee67436f93ff89b5ce7f0a32bae441d15e2 |
| qt4-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 245065a4deded9dc5341c0369b79ff90 SHA-256: 032e15409fe9df0da40ba8434fec561063c23e20322bb9211300e0630592db6d |
| qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 066d878e2acfd8d15a40901cf3257072 SHA-256: 95c69a4f7e30a12a503da6db40a4df049af0210226c6d8b209088149250a8d88 |
| qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm | MD5: ec38360855259ad7605ed123b0efb592 SHA-256: 7e0509b583ba94e2c8423ae1a163259bfef92f594f447b4c18a49e8bd692dd81 |
| qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 8f89c534dd9a822fe7902a7475b15eca SHA-256: 82200be35fa6046a2ec46076f9fae3548c2cb442165ba563e582648cb2bbcbeb |
| qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 81c2469ee1aae0945feae027fa7571d4 SHA-256: 989689963a98802ab856e29018a11e47cf2434220f7a8ed862de89c54b367d93 |
| qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm | MD5: 2b529dc296013ff9ae7de8e98d95bbc4 SHA-256: afdef5d8c23bcbb634549cc01eea568811ab6a9104c2e5c67405abe0e501c669 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
234633 - CVE-2007-0242 QT UTF8 improper character expansion
733118 - CVE-2011-3193 qt/harfbuzz buffer overflow
References
https://www.redhat.com/security/data/cve/CVE-2011-3193.html
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/