Debian Security Advisory

DSA-1292-1 qt4-x11 -- missing input validation

Date reported:
2007-05-15
Affected packages:
qt4-x11
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 417391.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23269.
In Mitre's CVE dictionary: CVE-2007-0242.
More information:

Andreas Nolden discovered a bug in the UTF-8 decoding routines in qt4-x11, a graphical C++ framework, which could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks by using long sequences that encode dangerous metacharacters.
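The class of bug described above, shown as an added example (not code from Qt or from the Debian patch): a UTF-8 decoder that accepts non-shortest ("overlong") forms turns bytes that contain no raw `/` into the code point U+002F, so a filter applied to the bytes before decoding does not see it. The function names and sample byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Decode UTF-8 into code points. With strict=true, reject non-shortest
// ("overlong") forms, surrogates and out-of-range values; strict=false
// mimics a lenient decoder for comparison.
bool decode_utf8(const unsigned char* s, std::size_t n, bool strict,
                 std::vector<std::uint32_t>& out) {
    // Smallest code point that legitimately needs a sequence of each length.
    static const std::uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    out.clear();
    for (std::size_t i = 0; i < n;) {
        unsigned char b = s[i];
        int len;
        std::uint32_t cp;
        if (b < 0x80)                { len = 1; cp = b; }
        else if ((b & 0xE0) == 0xC0) { len = 2; cp = b & 0x1F; }
        else if ((b & 0xF0) == 0xE0) { len = 3; cp = b & 0x0F; }
        else if ((b & 0xF8) == 0xF0) { len = 4; cp = b & 0x07; }
        else return false;                           // stray continuation or invalid lead byte
        if (n - i < static_cast<std::size_t>(len)) return false; // truncated sequence
        for (int k = 1; k < len; ++k) {
            if ((s[i + k] & 0xC0) != 0x80) return false;         // not a 10xxxxxx byte
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (strict) {
            if (cp < min_cp[len]) return false;             // overlong form
            if (cp >= 0xD800 && cp <= 0xDFFF) return false; // UTF-16 surrogate
            if (cp > 0x10FFFF) return false;                // beyond Unicode range
        }
        out.push_back(cp);
        i += len;
    }
    return true;
}

// Constructed sample: "a", overlong two-byte form of '/' (0xC0 0xAF), "b".
static const unsigned char kOverlongSlash[] = {'a', 0xC0, 0xAF, 'b'};
// Constructed sample: well-formed UTF-8 for U+00E9 followed by '/'.
static const unsigned char kWellFormed[] = {0xC3, 0xA9, 0x2F};

// Returns true if the raw '/' byte (0x2F) is present, which is all a
// byte-level filter run before decoding would check.
bool raw_scan_finds_slash(const unsigned char* s, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (s[i] == 0x2F) return true;
    return false;
}
```

Rejecting the whole input on the first malformed sequence, and validating paths or markup only after decoding, closes the gap between what the filter saw and what the application later acts on.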

For the stable distribution (etch), this problem has been fixed in version 4.2.1-2etch1.

For the testing and unstable distributions (lenny and sid), this problem has been fixed in version 4.2.2-2.

We recommend that you upgrade your qt4-x11 package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.dsc
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.2.1-2etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_alpha.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_arm.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_hppa.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_i386.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_ia64.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mips.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mipsel.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_s390.deb
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_s390.deb

MD5 checksums for these files are available in the original advisory.