Security Advisory Moderate: qt4 security update

Advisory: RHSA-2011:1324-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-21
Last updated on: 2011-09-21
Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org):
  CVE-2007-0242
  CVE-2011-3193

Details

Updated qt4 packages that fix two security issues are now available for Red
Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Qt 4 is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to
prevent a Qt 4 based application from properly sanitizing user input.
Depending on the application, this could allow an attacker to perform
directory traversal, or for web applications, a cross-site scripting (XSS)
attack. (CVE-2007-0242)

A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user
loaded a specially-crafted font file with an application linked against Qt
4, it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

Users of Qt 4 should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt 4 libraries must be restarted for this update to take effect.
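
A check for the restart requirement above, added here as an example and not part of the Red Hat advisory: a process started before the update keeps the replaced library mapped, and Linux marks that mapping "(deleted)" in /proc/PID/maps. The libQt*.so.4 name pattern, the PROC_ROOT argument and the sample paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): report processes that still map a
# Qt 4 shared library whose on-disk file was replaced by the update.
# Assumption: Qt 4 libraries follow the libQt<Module>.so.4* naming scheme.

# stale_qt4_maps [PROC_ROOT]
# Prints "PID<TAB>library path" for each replaced Qt 4 library a process
# still has mapped. PROC_ROOT (hypothetical parameter) defaults to /proc;
# run as root to see every user's processes.
stale_qt4_maps() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # maps line: address perms offset dev inode pathname [(deleted)]
        # Report each stale library once per process, not once per segment.
        awk -v pid="$pid" '
            $NF == "(deleted)" && $(NF-1) ~ /\/libQt[A-Za-z0-9]*\.so\.4/ {
                if (!seen[$(NF-1)]++) print pid "\t" $(NF-1)
            }' "$maps" 2>/dev/null || :   # process may exit mid-scan
    done
}

# Constructed sample tree standing in for /proc (PIDs and paths are made up).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/101" "$demo_root/202"
cat > "$demo_root/101/maps" <<'EOF'
00a00000-00c00000 r-xp 00000000 08:01 12345 /usr/lib/libQtCore.so.4.2.1 (deleted)
00c00000-00c10000 rw-p 00200000 08:01 12345 /usr/lib/libQtCore.so.4.2.1 (deleted)
EOF
cat > "$demo_root/202/maps" <<'EOF'
00a00000-00c00000 r-xp 00000000 08:01 67890 /usr/lib/libQtCore.so.4.2.1
EOF
stale_qt4_maps "$demo_root"   # constructed tree: only PID 101 is reported
rm -rf "$demo_root"

# On a real host, call stale_qt4_maps with no argument to scan the live /proc.
```

Any PID it reports belongs to an application that has not yet been restarted and is still running the pre-update Qt 4 code.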


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
qt4-4.2.1-1.el5_7.1.src.rpm

IA-32:
qt4-devel-4.2.1-1.el5_7.1.i386.rpm

x86_64:
qt4-devel-4.2.1-1.el5_7.1.i386.rpm
qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
qt4-4.2.1-1.el5_7.1.src.rpm

IA-32:
qt4-4.2.1-1.el5_7.1.i386.rpm
qt4-devel-4.2.1-1.el5_7.1.i386.rpm
qt4-doc-4.2.1-1.el5_7.1.i386.rpm
qt4-mysql-4.2.1-1.el5_7.1.i386.rpm
qt4-odbc-4.2.1-1.el5_7.1.i386.rpm
qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm
qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm

IA-64:
qt4-4.2.1-1.el5_7.1.ia64.rpm
qt4-devel-4.2.1-1.el5_7.1.ia64.rpm
qt4-doc-4.2.1-1.el5_7.1.ia64.rpm
qt4-mysql-4.2.1-1.el5_7.1.ia64.rpm
qt4-odbc-4.2.1-1.el5_7.1.ia64.rpm
qt4-postgresql-4.2.1-1.el5_7.1.ia64.rpm
qt4-sqlite-4.2.1-1.el5_7.1.ia64.rpm

PPC:
qt4-4.2.1-1.el5_7.1.ppc.rpm
qt4-4.2.1-1.el5_7.1.ppc64.rpm
qt4-devel-4.2.1-1.el5_7.1.ppc.rpm
qt4-devel-4.2.1-1.el5_7.1.ppc64.rpm
qt4-doc-4.2.1-1.el5_7.1.ppc.rpm
qt4-mysql-4.2.1-1.el5_7.1.ppc.rpm
qt4-odbc-4.2.1-1.el5_7.1.ppc.rpm
qt4-postgresql-4.2.1-1.el5_7.1.ppc.rpm
qt4-sqlite-4.2.1-1.el5_7.1.ppc.rpm

s390x:
qt4-4.2.1-1.el5_7.1.s390.rpm
qt4-4.2.1-1.el5_7.1.s390x.rpm
qt4-devel-4.2.1-1.el5_7.1.s390.rpm
qt4-devel-4.2.1-1.el5_7.1.s390x.rpm
qt4-doc-4.2.1-1.el5_7.1.s390x.rpm
qt4-mysql-4.2.1-1.el5_7.1.s390x.rpm
qt4-odbc-4.2.1-1.el5_7.1.s390x.rpm
qt4-postgresql-4.2.1-1.el5_7.1.s390x.rpm
qt4-sqlite-4.2.1-1.el5_7.1.s390x.rpm

x86_64:
qt4-4.2.1-1.el5_7.1.i386.rpm
qt4-4.2.1-1.el5_7.1.x86_64.rpm
qt4-devel-4.2.1-1.el5_7.1.i386.rpm
qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm
qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm
qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm
qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm
qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm
qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
qt4-4.2.1-1.el5_7.1.src.rpm

IA-32:
qt4-4.2.1-1.el5_7.1.i386.rpm
qt4-doc-4.2.1-1.el5_7.1.i386.rpm
qt4-mysql-4.2.1-1.el5_7.1.i386.rpm
qt4-odbc-4.2.1-1.el5_7.1.i386.rpm
qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm
qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm

x86_64:
qt4-4.2.1-1.el5_7.1.i386.rpm
qt4-4.2.1-1.el5_7.1.x86_64.rpm
qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm
qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm
qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm
qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm
qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

234633 - CVE-2007-0242 QT UTF8 improper character expansion
733118 - CVE-2011-3193 qt/harfbuzz buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/