Fedora Core Advisory: qt
Aug 24, 2004, 14:23

Fedora Update Notification
FEDORA-2004-270
2004-08-23

Product : Fedora Core 1

Description :
Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run qt applications, as well as the README files for qt.

Update Information:

During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0691 to this issue.

Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues.

Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

c763ada78b47f3bc72a06e26b929c8c4 SRPMS/qt-3.1.2-14.2.src.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Fedora Update Notification
FEDORA-2004-271
2004-08-23

Product : Fedora Core 2

Description :
Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run qt applications, as well as the README files for qt.

Update Information:

During a security audit, Chris Evans discovered a heap overflow in the BMP image decoder in Qt versions prior to 3.3.3. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with Qt to crash or possibly execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0691 to this issue.

Additionally, various flaws were discovered in the GIF, XPM, and JPEG decoders in Qt versions prior to 3.3.3. An attacker could create carefully crafted image files in such a way that it could cause an application linked against Qt to crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CAN-2004-0692 and CAN-2004-0693 to these issues.

Users of Qt should update to these updated packages which contain backported patches and are not vulnerable to these issues.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

d7d133c9fb84ec203b4a96451397777c SRPMS/qt-3.3.3-0.1.src.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.