Bulletin d'alerte Debian

DSA-542-1 qt -- Entrée non assainie

Date du rapport:

30 août 2004

Paquets concernés:

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le système de suivi des bogues Debian : Bogue 267092.
Dans le dictionnaire CVE du Mitre : CVE-2004-0691, CVE-2004-0692, CVE-2004-0693.

Pour plus d'information:

Plusieurs failles de sécurité ont été découvertes dans les versions récentes de Qt, un jeu répandu de widgets graphiques, utilisé dans KDE par exemple. Le premier souci permet à un attaquant d'exécuter n'importe quel code, alors que les deux autres semblent causer un déni de service. Le projet Common Vulnerabilities and Exposures identifie les failles de sécurité suivantes :

CAN-2004-0691:
Chris Evans a découvert un dépassement de pile mémoire en gérant les fichiers BMP encodés en 8 bits.
CAN-2004-0692:
Marcus Meissner a découvert une condition de plantage dans le code de gestion XPM, qui n'est pas encore corrigée dans Qt 3.3.
CAN-2004-0693:
Marcus Meissner a découvert une condition de plantage dans le code de gestion GIF, qui n'est pas encore corrigée dans Qt 3.3.

Pour la distribution stable (Woody), ces problèmes ont été corrigés dans la version 3.0.3-20020329-1woody2.

Pour la distribution instable (Sid), ces problèmes ont été corrigés dans la version 3.3.3-4 de qt-x11-free.

Nous vous recommandons de mettre à jour vos paquets qt.

Corrigé dans:

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.dsc; http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.diff.gz; http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/q/qt-copy/qt3-doc_3.0.3-20020329-1woody2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.