Säkerhetsbulletin från Debian
DSA-1292-1 qt4-x11 -- saknad kontroll av indata
- Rapporterat den:
- 2007-05-15
- Berörda paket:
- qt4-x11
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 417391.
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 23269.
I Mitres CVE-förteckning: CVE-2007-0242. - Ytterligare information:
-
Andreas Nolden upptäckte ett fel i UTF8-avkodningsrutinerna i qt4-x11, ett grafiskt C++-ramverk, vilket kunde göra det möjligt för angripare utifrån att utföra serveröverskridande skriptangrepp (XSS) och katalogtraversering genom att använda långa sekvenser som kodar farliga metatecken.
För den stabila utgåvan (Etch) har detta problem rättats i version 4.2.1-2etch1.
För uttestningsutgåvan och den instabila utgåvan (Lenny och Sid) har detta problem rättats i version 4.2.2-2.
Vi rekommenderar att ni uppgraderar ert qt4-x11-paket.
- Rättat i:
-
Debian GNU/Linux 4.0 (etch)
- Källkod:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.dsc
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.diff.gz
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.2.1-2etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_alpha.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_amd64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_arm.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_hppa.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_i386.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_ia64.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mips.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_s390.deb
- http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_s390.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.