Debian alert DSA-542-1 (qt-copy)
| From: | joey@infodrom.org (Martin Schulze) | |
| To: | debian-security-announce@lists.debian.org (Debian Security Announcements) | |
| Subject: | [SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service | |
| Date: | Mon, 30 Aug 2004 15:46:03 +0200 (CEST) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 542-1 security@debian.org http://www.debian.org/security/ Martin Schulze August 30th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : qt-copy Vulnerability : unsanitised input Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0691 CAN-2004-0692 CAN-2004-0693 Debian Bug : 267092 Several vulnerabilities were discovered in recent versions of Qt, a commonly used graphic widget set, used in KDE for example. The first problem allows an attacker to execute arbitrary code, while the other two only seem to pose a denial of service danger. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-0691: Chris Evans has discovered a heap-based overflow when handling 8-bit RLE encoded BMP files. CAN-2004-0692: Marcus Meissner has discovered a crash condition in the XPM handling code, which is not yet fixed in Qt 3.3. CAN-2004-0693: Marcus Meissner has discovered a crash condition in the GIF handling code, which is not yet fixed in Qt 3.3. For the stable distribution (woody) this problem has been fixed in version 3.0.3-20020329-1woody2. For the unstable distribution (sid) this problem has been fixed in version 3.3.3-4 of qt-x11-free. We recommend that you upgrade your qt packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 974 8310ba3e5a86f6d366ff8b3de0bba5e8 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 3389 4639e4bf10aa3f9582769fb517b192e3 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 15576630 1d91e7f90e8c6e2dd7d93738ae42a0b4 Architecture independent components: http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 8602244 a36ca7f4be9889f6d2a6141c6b11f0fb Alpha architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 3313166 937a81563cd1aa7f8c962d6662ce21e2 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1419182 003d0e8e54039c13a5cbe3203a178308 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 3494652 7c436d0f781947e1a7b6213273b81aaf http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17402 d86e3efa04c9ab4562771dc695f2b705 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 37404 3d37ea2458a20d916d793c04804087d9 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46664 895d3c0497acbcac5ac6d9fd49e564ae http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 37352 94f05fa06512370db653150643445cb8 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46616 d524b57c7988e7b0af2cb02e2d7ac5ce http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31378 635e21687a646e9b206b51b725f7340d http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1825146 a09b064d09e4c1fc1f0135fb4e013879 ARM architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2683822 3949d54da77df42a40f18e6d70de36fc http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1119934 28ad280b4b285abea031db5a3a254557 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2853650 3e8970f4654a950e0cee23c5305dc057 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17402 74918f0b34534a6fd365a94831538615 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31822 69c5a6336243262f7bd6ef7030eb3abf http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 43626 dd3f35afd778c6ef146ef2a421c92111 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31772 19dfff175022d7a36171ab95032aeaa7 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 43562 6bc59696d96014f1f7a39538944593cb http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 29144 aaefacb6153ec91cc1ed1a636a920a5a http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1607562 ca2fd9baee8daea396fba58912be5e5d Intel IA-32 architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2643638 518f281374ca8c5bdd9fca94bcb3bdca http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1112604 4bfeb647ea19bb77c1eb7a5581f6826a http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2802796 c5176e73c7319d4f200015b0ec3d6b02 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17396 bf71c0691336640aed5aa6082a9e4310 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32468 c78b6662365a8fe4075421a67813c41c http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46386 264b4e657dd78e09a52d08de248257e0 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32420 09028471a6bc160482c0eff5bd00bbff http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46336 420b4f2643582fb1c8f387c8a9b1901b http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 28584 bb4c081a2c0fbdc6dda7baf121bbb71c http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1607150 f5423588bfa6146eb1b240b813766200 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 4141968 b9adc2f100479404ce3a54187ea07236 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1477720 9701518afcb4c1efb8032a0b0b2b7be7 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 4307166 79aa7fe46dbd4f4eec118bb35115f8ad http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17396 2900298dd385d1ff96afae049ec9ea75 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 40240 2149dd7fff17b31cef0123a12368c110 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 59144 36d10718b4606c132c10e17834c1f0e6 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 40184 1b3a214fe698db0f4ecc036b8b137c50 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 59072 033687a9c7973efff0b58f64ef735436 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32722 a8c67bd97221bbcdf031bd3de29de1f0 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 2385262 9feac551ccf3b0e9e88fef628e4f8ea1 HP Precision architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 3232484 30edb556e1b064e86c2965dd6b0e2c14 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1187048 5584863ef0f05eb0a55014b3ffad82bb http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 3426488 36e084d94f41a8618b3980351689ecbe http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17392 b47e504397945a4616c686185f144102 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 35878 6978aa05eb9414856dc83f1112d16c45 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46936 c11950323dbc5fa5d991853ad2ea2692 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 35848 84ec20d117d2cd3ec4878680b120974e http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 46876 0abe196f6f05ce67317a88d8c92b661d http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31962 ea07de26a2cc5ab90da56ca9ab05e7a5 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1775898 a74277a773ebe504e084bc0e2ecd8de8 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2545616 50629e83f98984d9e6963b2b02a54094 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1091618 6c4612090293c87c8c6d5e1c42de003c http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2714202 1a275e2ec61b7ad1119285218c432118 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17404 6f7846c9400959378da79e7a5b48857a http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32684 baa3f7b54144f0a709d836801f5c104c http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42314 3198a653d73857f70a182951d98eed30 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32638 4b00719e5c4210f0a44320f31e2fd0be http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42262 948a022d65ada61a3f151d5c719ca817 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 30592 8828f4393e321501de7a14ecd50e0447 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1510946 f214a1964e7072a6f4a346ecc3a20a73 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2596286 be448d7388560e4a8da238467e83398d http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1101826 7d996ca8f567215597c1723ea53b9247 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2757612 c6ead9e942a8957083f85bfe8b8ce991 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17392 27b2439a6932119e1760df7276a8dc4d http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31930 406ca119e8bce4b027bec60cbf54162d http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 39602 4aab2752e807acd8f497a1fa924a4b24 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31896 8a3582d0f7f7b49d22f7273db9150971 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 39556 c1ee78fadb6cc991c8b711646b6d5a71 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 28970 ad7f5a55836c198aeda458716f03693d http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1623366 527d1ce15e3104548ea031836da0832d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2558962 832e4ad5292ce8637d722471e0f987e1 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1084214 d1ea1f62200f0d1bdf411220eaff9837 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2717090 d534028cf4bd508ca0bd015bb6ac3f70 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17400 6374e6859fe58ccd522d1bb95c3e44e8 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31668 cbbde6f437a1f07bf90b115189037c27 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 39316 ef3aba50b5d76eaa3680be53aaef377e http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 31620 67372780d9097c96bba51f9ab382b085 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 39272 147ffddd4e40f874d62eb28500e9a643 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 28860 713e107a61fefc3e5e07bc0609b7cff1 http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1606626 a543a3a41a0924ef1a2981ebcef5ee0f PowerPC architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2755810 2c4a889c9b4a2d8cfbb80d3208262f96 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1096708 50bc489ef6bae5ba2b39736cb10701b8 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2924052 6cb9e8e39f716f02aa6ceb3b9aea4207 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17400 fceb2784e58520fb4d5659edd50d32b9 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32148 c03657c2ab1586bafd9dd72649d03a39 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 43532 0a87f61566626a4581b2fa0b620fb2e6 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32092 414708f48309b10dbb2b5daebf6dc83e http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 43476 dd4d6916dd137ff127f1debecc78132b http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 28572 f8a63f631f1de8e8e41e77ae2e99d5ea http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1601694 cc47106f3f88cc3478d8b267c81cb943 IBM S/390 architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2759952 477624768d68821a8b040a797f424352 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1059872 3648cf5128e7f12169f5dac6ef4da52b http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2921986 020cbc666ee6295d19417aa1a5455f3b http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17396 1f4fa86ee92e4ac43cedfb9b37ab9aaf http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32994 53d2b535aeb5efb20ad2865b85014709 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42138 d735dffc2e104bcfe3cbaa9479b3aaca http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32958 f9feaae412ea9425e74e006f5c004bc4 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42080 ddb71d42a18f0ded8d2fed08d83f73aa http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 29432 cd99b49168b982d0fb3a01cefeff89fd http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1525624 0afaff0b474b089c5d239f0b92379036 Sun Sparc architecture: http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2671602 25c2f57f1567bc870f334c22f161190a http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 1073900 e9f817ddfa476af2fec344e232f9f4bb http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 2839566 cf7df619bedc65e9c6f9516b4da0fff3 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 17396 2ebd5b58a7313a12b1b1c6410c64e594 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32300 88234b40f7672ace0c314fb24ebdb51d http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42590 5dfe845ca3292397d37c2e722238df19 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 32248 318222e392121b03050d6e28f8f495b4 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 42544 6e235ad9503f1a04e956c9bdaf98c5e6 http://security.debian.org/pool/updates/main/q/qt-copy/li... Size/MD5 checksum: 29572 65dcbca49ce1de1200fc28da1e46221c http://security.debian.org/pool/updates/main/q/qt-copy/qt... Size/MD5 checksum: 1563728 8b503f2764ed8a38431c8d738b9dc8e4 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBMy+aW5ql+IAeqTIRAuDxAJ9hkOA/bCakNX99XPzLSct61/kSsgCfQkD1 TdDk+r780Nbo6rjczYmgmms= =McN7 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
(Log in to post comments)