Advisories | Mandriva

Package name	qt4
Date	April 3rd, 2007
Advisory ID	MDKSA-2007:075
Affected versions	2007.0

Problem Description

Andreas Nolden discover a bug in qt4, where the UTF8 decoder does
not reject overlong sequences, which can cause '/../' injection or
(in the case of konqueror) a '<script>' tag injection.

Updated packages have been patched to address this issue.

Updated Packages

Mandriva Linux 2007

 d054529b274819f32fe9326d36a578b8  2007.0/i586/libqassistant1-4.1.4-12.2mdv2007.0.i586.rpm
 e10a4eca27dadcce177f7680e77d8652  2007.0/i586/libqt3support4-4.1.4-12.2mdv2007.0.i586.rpm
 21c777dedde542827124d95c2b01ff82  2007.0/i586/libqt4-devel-4.1.4-12.2mdv2007.0.i586.rpm
 3b3dc84ac4723988371b0c8ca5c1021c  2007.0/i586/libqtcore4-4.1.4-12.2mdv2007.0.i586.rpm
 452215c9b6cd44c3fe4a90ce0c9be903  2007.0/i586/libqtdesigner1-4.1.4-12.2mdv2007.0.i586.rpm
 f8949857c7586325df1d99448a5e64af  2007.0/i586/libqtgui4-4.1.4-12.2mdv2007.0.i586.rpm
 2d7c2686d61759af02f2f61867e3b543  2007.0/i586/libqtnetwork4-4.1.4-12.2mdv2007.0.i586.rpm
 2536e814b97db94bbc59e5e3d9bdf3a6  2007.0/i586/libqtopengl4-4.1.4-12.2mdv2007.0.i586.rpm
 6dfbbf8ff4b10c24a59a4e6fb96dd581  2007.0/i586/libqtsql4-4.1.4-12.2mdv2007.0.i586.rpm
 7d25c0af73fd8ab1db42ece2d26381a0  2007.0/i586/libqtsvg4-4.1.4-12.2mdv2007.0.i586.rpm
 4e01c0ea12f75d4ac61f329af33c7d50  2007.0/i586/libqttest4-4.1.4-12.2mdv2007.0.i586.rpm
 70d0108857206b2cd13d52c48c765446  2007.0/i586/libqtuitools4-4.1.4-12.2mdv2007.0.i586.rpm
 82ad39ca0fa128a6a34b9705aab1cc3f  2007.0/i586/libqtxml4-4.1.4-12.2mdv2007.0.i586.rpm
 775be8dafd268b4ff4b57e2fc6cdc0ad  2007.0/i586/qt4-accessibility-plugin-lib-4.1.4-12.2mdv2007.0.i586.rpm
 f541894c5229c2f41d0a8a3a08676c31  2007.0/i586/qt4-assistant-4.1.4-12.2mdv2007.0.i586.rpm
 5a135d20afbdfaacbc0e75e3709695fc  2007.0/i586/qt4-common-4.1.4-12.2mdv2007.0.i586.rpm
 11fcd8ccdccc905d462ead19a641cc68  2007.0/i586/qt4-database-plugin-mysql-lib-4.1.4-12.2mdv2007.0.i586.rpm
 4a2f5b0b718dc06fe427a4a72f598dbe  2007.0/i586/qt4-database-plugin-odbc-lib-4.1.4-12.2mdv2007.0.i586.rpm
 609899eab0f4bf81e81e36da6388ea3f  2007.0/i586/qt4-database-plugin-pgsql-lib-4.1.4-12.2mdv2007.0.i586.rpm
 7bca2e164d9dd353e728e4f08007641f  2007.0/i586/qt4-database-plugin-sqlite-lib-4.1.4-12.2mdv2007.0.i586.rpm
 efe296e5b144dc2f6bb0f0a4af0ded51  2007.0/i586/qt4-designer-4.1.4-12.2mdv2007.0.i586.rpm
 28e6ab0e23f15b688cdee854ddeaad07  2007.0/i586/qt4-doc-4.1.4-12.2mdv2007.0.i586.rpm
 3c928ca99dc461342fb006d66980a71a  2007.0/i586/qt4-examples-4.1.4-12.2mdv2007.0.i586.rpm
 2391840318fc7cfd8fff04e383e11406  2007.0/i586/qt4-linguist-4.1.4-12.2mdv2007.0.i586.rpm
 625803653ad2a340c2835bebbed02543  2007.0/i586/qt4-tutorial-4.1.4-12.2mdv2007.0.i586.rpm 
 6ee0a42b2108f0a8ad736b267a7affea  2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 55dff7e7ccc806011957eb46e5666932  2007.0/x86_64/lib64qassistant1-4.1.4-12.2mdv2007.0.x86_64.rpm
 8c1bfc2389e3014a5c5c4a37dfd8b788  2007.0/x86_64/lib64qt3support4-4.1.4-12.2mdv2007.0.x86_64.rpm
 94545bcbd4484ccfc55aa9293df3cf55  2007.0/x86_64/lib64qt4-devel-4.1.4-12.2mdv2007.0.x86_64.rpm
 7994880bd5ee8b31a9c586669e77d156  2007.0/x86_64/lib64qtcore4-4.1.4-12.2mdv2007.0.x86_64.rpm
 40593e39f4550446e49893bc8c6f498e  2007.0/x86_64/lib64qtdesigner1-4.1.4-12.2mdv2007.0.x86_64.rpm
 f4fcbfae9c0f24bfb0621025dd0b09f6  2007.0/x86_64/lib64qtgui4-4.1.4-12.2mdv2007.0.x86_64.rpm
 1f52ada8165f7bb457fe74b6c35e7630  2007.0/x86_64/lib64qtnetwork4-4.1.4-12.2mdv2007.0.x86_64.rpm
 31dbb4d98ea1d4a985ed73e6c7b12c92  2007.0/x86_64/lib64qtopengl4-4.1.4-12.2mdv2007.0.x86_64.rpm
 156a8ae2d401b0cddf12fdffc38f5dc5  2007.0/x86_64/lib64qtsql4-4.1.4-12.2mdv2007.0.x86_64.rpm
 895ad7e290d98efbd8e83cc1b660b115  2007.0/x86_64/lib64qtsvg4-4.1.4-12.2mdv2007.0.x86_64.rpm
 ba5e3c4480b44ef1b5af2cf0240c2b01  2007.0/x86_64/lib64qttest4-4.1.4-12.2mdv2007.0.x86_64.rpm
 d6daaabf97959d85a94890ffc2cbb633  2007.0/x86_64/lib64qtuitools4-4.1.4-12.2mdv2007.0.x86_64.rpm
 b9102cfeb67eb8033e9006b17e8c7774  2007.0/x86_64/lib64qtxml4-4.1.4-12.2mdv2007.0.x86_64.rpm
 f1821ce484b6d4eae4f58b501a36ebf6  2007.0/x86_64/qt4-accessibility-plugin-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
 ac219d13d2dea0ba591769379f22250d  2007.0/x86_64/qt4-assistant-4.1.4-12.2mdv2007.0.x86_64.rpm
 35ab73423a4cc16d062e895666464bcc  2007.0/x86_64/qt4-common-4.1.4-12.2mdv2007.0.x86_64.rpm
 c26ab910886d41510638e2e609c2fccb  2007.0/x86_64/qt4-database-plugin-mysql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
 ffb64edfdd80070661ce99a293eda5be  2007.0/x86_64/qt4-database-plugin-odbc-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
 5da413e0ffa00b38b6347325ee3bfb9a  2007.0/x86_64/qt4-database-plugin-pgsql-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
 b682ff6f82675464144692d4e6f04ff3  2007.0/x86_64/qt4-database-plugin-sqlite-lib64-4.1.4-12.2mdv2007.0.x86_64.rpm
 5bec9e7eba4a1ac3621603d6d59304bc  2007.0/x86_64/qt4-designer-4.1.4-12.2mdv2007.0.x86_64.rpm
 aa12bf92b19fa8f4cb97c9b54bd8237a  2007.0/x86_64/qt4-doc-4.1.4-12.2mdv2007.0.x86_64.rpm
 41483d26fc809ca92051d3c1bed14721  2007.0/x86_64/qt4-examples-4.1.4-12.2mdv2007.0.x86_64.rpm
 1cfb20cc55756ffc03502b9a60403617  2007.0/x86_64/qt4-linguist-4.1.4-12.2mdv2007.0.x86_64.rpm
 7df68fbcccd37f4d8f7a177977bbeea0  2007.0/x86_64/qt4-tutorial-4.1.4-12.2mdv2007.0.x86_64.rpm 
 6ee0a42b2108f0a8ad736b267a7affea  2007.0/SRPMS/qt4-4.1.4-12.2mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.