Säkerhetsbulletin från Debian

DSA-542-1 qt -- städar inte indata

Rapporterat den:

2004-08-30

Berörda paket:

qt-copy

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 267092.
I Mitres CVE-förteckning: CVE-2004-0691, CVE-2004-0692, CVE-2004-0693.

Ytterligare information:

Flera sårbarheter upptäcktes i senare versioner av Qt, ett vanligt grafiskt bibliotek som bland annat används i KDE. Det första problemet gör det möjligt för en angripare att exekvera godtycklig kod medan de andra två bara verkar kunna utnyttjas till överbelastningsattacker. Projektet Common Vulnerabilities and Exposures identifierar följande sårbarheter:

CAN-2004-0691:
Chris Evans upptäckte ett heapbaserat buffertspill vid hantering av åttabitars RLE-kodade BMP-filer.
CAN-2004-0692:
Marcus Meissner upptäckte en krasch i XPM-hanteringskoden som ännu inte rättats i Qt 3.3.
CAN-2004-0693:
Marcus Meissner upptäckte en krasch i GIF-hanteringskoden som ännu inte rättats i Qt 3.3.

För den stabila utgåvan (Woody) har dessa problem rättats i version 3.0.3-20020329-1woody2.

För den instabila utgåvan (Sid) har dessa problem rättats i version 3.3.3-4 av qt-x11-free.

Vi rekommenderar att ni uppgraderar era qt-paket.

Rättat i:

Debian GNU/Linux 3.0 (woody)

Källkod:: http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.dsc; http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.diff.gz; http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329.orig.tar.gz
Arkitekturoberoende komponent:: http://security.debian.org/pool/updates/main/q/qt-copy/qt3-doc_3.0.3-20020329-1woody2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_alpha.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_arm.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_i386.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_ia64.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_hppa.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_m68k.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mips.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mipsel.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_powerpc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_s390.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_sparc.deb; http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.