Mandriva Linux Security Advisory - A number of format string flaws have been discovered in how Qt handled error messages by Dirk Mueller and Tracey Parry of Portcullis Computer Security. If an application linked against Qt created an error message from user-supplied data in a certain way, it could possibly lead to the execution of arbitrary code or a denial of service.
85b644841b5c6e804f9410d7ae0928ba5edd7a6d6ea5c121b9cee9ee70a9285c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:151
https://www.mandriva.com/security/
_______________________________________________________________________
Package : qt3
Date : August 1, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A number of format string flaws have been discovered in how Qt handled
error messages by Dirk Mueller and Tracey Parry of Portcullis Computer
Security. If an application linked against Qt created an error
message from user-supplied data in a certain way, it could possibly
lead to the execution of arbitrary code or a denial of service.
This update provides packages which are patched to prevent these
issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
ce0be0c7f6a6e866476fbfd2e21ae98c 2007.0/i586/libdesignercore1-3.3.6-18.3mdv2007.0.i586.rpm
d1a44381c8f93f1b7c339f6984f7e89f 2007.0/i586/libeditor1-3.3.6-18.3mdv2007.0.i586.rpm
7b5d2c3dade2761d2cfda191b9b64007 2007.0/i586/libqassistantclient1-3.3.6-18.3mdv2007.0.i586.rpm
ef5c47cca08d8c61f49cc8f5079c9530 2007.0/i586/libqt3-3.3.6-18.3mdv2007.0.i586.rpm
1351e443eb632ae1353361960674df09 2007.0/i586/libqt3-devel-3.3.6-18.3mdv2007.0.i586.rpm
cdb6e25c831c6a80621fd1e2786a706a 2007.0/i586/libqt3-mysql-3.3.6-18.3mdv2007.0.i586.rpm
a4a03c9d3b4fb5b8bf7bbb698085b8f9 2007.0/i586/libqt3-odbc-3.3.6-18.3mdv2007.0.i586.rpm
7853e420094557482fb5258e14c8caa3 2007.0/i586/libqt3-psql-3.3.6-18.3mdv2007.0.i586.rpm
9260fc52f792e4eb3ae17edeeedad3f9 2007.0/i586/libqt3-sqlite-3.3.6-18.3mdv2007.0.i586.rpm
ad12f0dc6c5b6007c0fa326b2d853930 2007.0/i586/libqt3-static-devel-3.3.6-18.3mdv2007.0.i586.rpm
c109e982693cb1698287a80c493b3961 2007.0/i586/qt3-common-3.3.6-18.3mdv2007.0.i586.rpm
cfad56aa1c0ee5fd67d1e6c8090d1b6d 2007.0/i586/qt3-doc-3.3.6-18.3mdv2007.0.i586.rpm
0eccadc116d3918e43eb74600d60ad4f 2007.0/i586/qt3-example-3.3.6-18.3mdv2007.0.i586.rpm
2499a2bf3f69f77a4942a18068331ec4 2007.0/i586/qt3-tutorial-3.3.6-18.3mdv2007.0.i586.rpm
91aad72a3e393be4f71eacc89a304a4b 2007.0/SRPMS/qt3-3.3.6-18.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
457642358c8514efdf92558fc047edef 2007.0/x86_64/lib64designercore1-3.3.6-18.3mdv2007.0.x86_64.rpm
1f6eeb9a0669e741ab3a5990edf25cc6 2007.0/x86_64/lib64editor1-3.3.6-18.3mdv2007.0.x86_64.rpm
5e29145fdca5ab04e94f3c205a8703d0 2007.0/x86_64/lib64qassistantclient1-3.3.6-18.3mdv2007.0.x86_64.rpm
3e0231d5db209fbc5d991ba52c1b915a 2007.0/x86_64/lib64qt3-3.3.6-18.3mdv2007.0.x86_64.rpm
2fd65d9bf31ccacd31c28d30a1a4f107 2007.0/x86_64/lib64qt3-devel-3.3.6-18.3mdv2007.0.x86_64.rpm
aa14be509decd6fa57b367b97eb60adc 2007.0/x86_64/lib64qt3-mysql-3.3.6-18.3mdv2007.0.x86_64.rpm
e6ee67759c5781ed5968c9684fd812f4 2007.0/x86_64/lib64qt3-odbc-3.3.6-18.3mdv2007.0.x86_64.rpm
7a4c368159c8ffaeb1af1b84740afaf5 2007.0/x86_64/lib64qt3-psql-3.3.6-18.3mdv2007.0.x86_64.rpm
06d81033389e0295233b5798b5cdd8cb 2007.0/x86_64/lib64qt3-sqlite-3.3.6-18.3mdv2007.0.x86_64.rpm
18ce8b51725aaf658fe01f5e4ae8ac4f 2007.0/x86_64/lib64qt3-static-devel-3.3.6-18.3mdv2007.0.x86_64.rpm
6df81bd244102ae58fb02fe82959dacc 2007.0/x86_64/qt3-common-3.3.6-18.3mdv2007.0.x86_64.rpm
640ffac5c35d861992d78c35588d307c 2007.0/x86_64/qt3-doc-3.3.6-18.3mdv2007.0.x86_64.rpm
381fe2a406bde1148e70f806eec93dc6 2007.0/x86_64/qt3-example-3.3.6-18.3mdv2007.0.x86_64.rpm
a9cc3c67b4567a291c92289287d72109 2007.0/x86_64/qt3-tutorial-3.3.6-18.3mdv2007.0.x86_64.rpm
91aad72a3e393be4f71eacc89a304a4b 2007.0/SRPMS/qt3-3.3.6-18.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
f231e74f4430c2af2d98ceea4d8a10d6 2007.1/i586/libdesignercore1-3.3.8-4.1mdv2007.1.i586.rpm
a4ef440b08c6bdd01c623d45ef8bab58 2007.1/i586/libeditor1-3.3.8-4.1mdv2007.1.i586.rpm
eaa9762ebeef32cac2c05e98322e7ac4 2007.1/i586/libqassistantclient1-3.3.8-4.1mdv2007.1.i586.rpm
1daa2c536a539407c5d223365402609f 2007.1/i586/libqt3-3.3.8-4.1mdv2007.1.i586.rpm
a9e19c1bba726c8bfe292f794c037857 2007.1/i586/libqt3-devel-3.3.8-4.1mdv2007.1.i586.rpm
1a8907d6fd1b748bed29e14d968296fb 2007.1/i586/libqt3-mysql-3.3.8-4.1mdv2007.1.i586.rpm
a8cd79d1d0da5dd44720c37c305fd38d 2007.1/i586/libqt3-odbc-3.3.8-4.1mdv2007.1.i586.rpm
3728a43c435707c1cddc5d36da39ec40 2007.1/i586/libqt3-psql-3.3.8-4.1mdv2007.1.i586.rpm
7d6804a498f307e21a3c16de14733451 2007.1/i586/libqt3-sqlite-3.3.8-4.1mdv2007.1.i586.rpm
3c60a4e503adec67a80ad3b85a94f28c 2007.1/i586/libqt3-static-devel-3.3.8-4.1mdv2007.1.i586.rpm
b0cbefd80eb6ad6491455b5890fbd15d 2007.1/i586/qt3-common-3.3.8-4.1mdv2007.1.i586.rpm
e4151b1dd7fef834fe9ddfbf261a8663 2007.1/i586/qt3-doc-3.3.8-4.1mdv2007.1.i586.rpm
745512805d0b5d9dac89fdae8809c69e 2007.1/i586/qt3-example-3.3.8-4.1mdv2007.1.i586.rpm
04b08ed74120fba9407c776cdefd43ef 2007.1/i586/qt3-tutorial-3.3.8-4.1mdv2007.1.i586.rpm
35b2281563c76e4702848971a8eb6adf 2007.1/SRPMS/qt3-3.3.8-4.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
0f5eccb73f8d9ccd8ee2e15299500339 2007.1/x86_64/lib64designercore1-3.3.8-4.1mdv2007.1.x86_64.rpm
8b615c6a4dc8bf00ba5e501384d62497 2007.1/x86_64/lib64editor1-3.3.8-4.1mdv2007.1.x86_64.rpm
5fbb343226162f67558eac9681a1d3a7 2007.1/x86_64/lib64qassistantclient1-3.3.8-4.1mdv2007.1.x86_64.rpm
05658b8692701ff40fee19038823970f 2007.1/x86_64/lib64qt3-3.3.8-4.1mdv2007.1.x86_64.rpm
2a500d7589d2cb2a7339bdc85e309bfd 2007.1/x86_64/lib64qt3-devel-3.3.8-4.1mdv2007.1.x86_64.rpm
b8090f42b7224877ba1acdcc84438c7c 2007.1/x86_64/lib64qt3-mysql-3.3.8-4.1mdv2007.1.x86_64.rpm
5ee78ae3040a4a8820384cf719ecf671 2007.1/x86_64/lib64qt3-odbc-3.3.8-4.1mdv2007.1.x86_64.rpm
14241ab4fe05e87665820740ceb0fe7c 2007.1/x86_64/lib64qt3-psql-3.3.8-4.1mdv2007.1.x86_64.rpm
fa57b309216faa3e74b22461c11d7bb4 2007.1/x86_64/lib64qt3-sqlite-3.3.8-4.1mdv2007.1.x86_64.rpm
b4879b2f4f9ba825d3c0e03300f5770a 2007.1/x86_64/lib64qt3-static-devel-3.3.8-4.1mdv2007.1.x86_64.rpm
2567048cc93c595e9ba92831ab50f236 2007.1/x86_64/qt3-common-3.3.8-4.1mdv2007.1.x86_64.rpm
bc4dde47830027874ceed09a612f3b60 2007.1/x86_64/qt3-doc-3.3.8-4.1mdv2007.1.x86_64.rpm
00963b8232ad87bf525a44999b3b5fc8 2007.1/x86_64/qt3-example-3.3.8-4.1mdv2007.1.x86_64.rpm
95f6570b6d8f8c65c100b1967cc77e75 2007.1/x86_64/qt3-tutorial-3.3.8-4.1mdv2007.1.x86_64.rpm
35b2281563c76e4702848971a8eb6adf 2007.1/SRPMS/qt3-3.3.8-4.1mdv2007.1.src.rpm
Corporate 3.0:
1f7758f27c9c137754c3c8215e84c25a corporate/3.0/i586/libqt3-3.2.3-19.10.C30mdk.i586.rpm
6a903a7962492bd6c6e1bc257ab63660 corporate/3.0/i586/libqt3-devel-3.2.3-19.10.C30mdk.i586.rpm
bf1d05273e423e3d212aa56433c05a59 corporate/3.0/i586/libqt3-mysql-3.2.3-19.10.C30mdk.i586.rpm
47611eaf3ffcce4646b02da86194085a corporate/3.0/i586/libqt3-odbc-3.2.3-19.10.C30mdk.i586.rpm
b5aefe3cca08c409409e6856afc81cc9 corporate/3.0/i586/libqt3-psql-3.2.3-19.10.C30mdk.i586.rpm
d45e4a0f29a78e2438f9e35f2b20aff1 corporate/3.0/i586/qt3-common-3.2.3-19.10.C30mdk.i586.rpm
e8fb9ce91f15584b68f5e0595eb9eb2d corporate/3.0/i586/qt3-example-3.2.3-19.10.C30mdk.i586.rpm
066138bdd08ddacb04e374d0f0e2b629 corporate/3.0/SRPMS/qt3-3.2.3-19.10.C30mdk.src.rpm
Corporate 3.0/X86_64:
3dbe8ab3bcf717dc8c26d1866cbaf910 corporate/3.0/x86_64/lib64qt3-3.2.3-19.10.C30mdk.x86_64.rpm
1007fd1df9c8da4540dcd8f9a4a7c242 corporate/3.0/x86_64/lib64qt3-devel-3.2.3-19.10.C30mdk.x86_64.rpm
c5b948b0d327cb8e425c17e32a53cef7 corporate/3.0/x86_64/lib64qt3-mysql-3.2.3-19.10.C30mdk.x86_64.rpm
94606657665adcf18caf209154723b5a corporate/3.0/x86_64/lib64qt3-odbc-3.2.3-19.10.C30mdk.x86_64.rpm
2afa63aafcd40d2fb7407332d8c4f740 corporate/3.0/x86_64/lib64qt3-psql-3.2.3-19.10.C30mdk.x86_64.rpm
a5c11a462da1cc91950ee516c5d12c8e corporate/3.0/x86_64/qt3-common-3.2.3-19.10.C30mdk.x86_64.rpm
cf250128fcb3b2fd479a7d93a06ef4ef corporate/3.0/x86_64/qt3-example-3.2.3-19.10.C30mdk.x86_64.rpm
066138bdd08ddacb04e374d0f0e2b629 corporate/3.0/SRPMS/qt3-3.2.3-19.10.C30mdk.src.rpm
Corporate 4.0:
5785e1d82182fe9cd58cc6fa2a1bed9f corporate/4.0/i586/libdesignercore1-3.3.6-1.4.20060mlcs4.i586.rpm
0b362e1e68c178ec9724d23161b944d1 corporate/4.0/i586/libeditor1-3.3.6-1.4.20060mlcs4.i586.rpm
491b686f4260d6bc0a01dbaf0993dadf corporate/4.0/i586/libqassistantclient1-3.3.6-1.4.20060mlcs4.i586.rpm
52d1f4ed88e76298dc2fed78f5ae369f corporate/4.0/i586/libqt3-3.3.6-1.4.20060mlcs4.i586.rpm
6f064b92df7038c3808c8aee32e54e8b corporate/4.0/i586/libqt3-devel-3.3.6-1.4.20060mlcs4.i586.rpm
63b08845ca757bd283955aad38ba263d corporate/4.0/i586/libqt3-mysql-3.3.6-1.4.20060mlcs4.i586.rpm
19ae9f75833a9dac2aba655e5d341ae7 corporate/4.0/i586/libqt3-odbc-3.3.6-1.4.20060mlcs4.i586.rpm
8e245edddf113347e2ede4663f3369e6 corporate/4.0/i586/libqt3-psql-3.3.6-1.4.20060mlcs4.i586.rpm
e4b61a1a6cd1bcf5a230d1f86b7fc431 corporate/4.0/i586/libqt3-sqlite-3.3.6-1.4.20060mlcs4.i586.rpm
409ea3057318a5ab1cb180631df49807 corporate/4.0/i586/libqt3-static-devel-3.3.6-1.4.20060mlcs4.i586.rpm
b58a7ea2af37c318bd131ca981e03fec corporate/4.0/i586/qt3-common-3.3.6-1.4.20060mlcs4.i586.rpm
1f318bd8e121220c80b7a1d5bc37c6de corporate/4.0/i586/qt3-doc-3.3.6-1.4.20060mlcs4.i586.rpm
5c7134a448ed342756e1c7a31ec9d16a corporate/4.0/i586/qt3-example-3.3.6-1.4.20060mlcs4.i586.rpm
ede113df279e7f30256c1884d0e7a045 corporate/4.0/i586/qt3-tutorial-3.3.6-1.4.20060mlcs4.i586.rpm
1c624f6ef074be3be0ef1809f980b672 corporate/4.0/SRPMS/qt3-3.3.6-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
085733e867577d48884ba41eb55d992d corporate/4.0/x86_64/lib64designercore1-3.3.6-1.4.20060mlcs4.x86_64.rpm
57d03fc3d53110b64a19b0093c5cc6bb corporate/4.0/x86_64/lib64editor1-3.3.6-1.4.20060mlcs4.x86_64.rpm
b6662f742d74a63a91afbd69dd6f0ad3 corporate/4.0/x86_64/lib64qassistantclient1-3.3.6-1.4.20060mlcs4.x86_64.rpm
7bb37136dae3066d8e9c3a0cbe9a5061 corporate/4.0/x86_64/lib64qt3-3.3.6-1.4.20060mlcs4.x86_64.rpm
adb51caf14d5447741d4fc2a0632c722 corporate/4.0/x86_64/lib64qt3-devel-3.3.6-1.4.20060mlcs4.x86_64.rpm
2bd0c78e38250190a985abacc71406a8 corporate/4.0/x86_64/lib64qt3-mysql-3.3.6-1.4.20060mlcs4.x86_64.rpm
33ea7ac074afee9fe41d598b1d97e37c corporate/4.0/x86_64/lib64qt3-odbc-3.3.6-1.4.20060mlcs4.x86_64.rpm
659324555edd0e0bf30a4ca3bbd9ed14 corporate/4.0/x86_64/lib64qt3-psql-3.3.6-1.4.20060mlcs4.x86_64.rpm
55e4fa13fc3dc171f3d57d120ed5ca17 corporate/4.0/x86_64/lib64qt3-sqlite-3.3.6-1.4.20060mlcs4.x86_64.rpm
0fc343147af499022f61f2fbab5f7d03 corporate/4.0/x86_64/lib64qt3-static-devel-3.3.6-1.4.20060mlcs4.x86_64.rpm
1e3892f62ba3b6d69def7ef9e3bbbe24 corporate/4.0/x86_64/qt3-common-3.3.6-1.4.20060mlcs4.x86_64.rpm
7afeabcc5424b2f30fbff0e57e384421 corporate/4.0/x86_64/qt3-doc-3.3.6-1.4.20060mlcs4.x86_64.rpm
c91eccce209509a7dc5155866a9d63cb corporate/4.0/x86_64/qt3-example-3.3.6-1.4.20060mlcs4.x86_64.rpm
f6d6744eb8ac82c728458bca0b22834f corporate/4.0/x86_64/qt3-tutorial-3.3.6-1.4.20060mlcs4.x86_64.rpm
1c624f6ef074be3be0ef1809f980b672 corporate/4.0/SRPMS/qt3-3.3.6-1.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGsNXWmqjQ0CJFipgRAlFoAJ415aGJHr7UsILJ30TbecAKVm0OyACfSwf9
x6TncnS8p9nwC+bj83S1GRI=
=nYwu
-----END PGP SIGNATURE-----