Linux Today: Linux News On Internet Time.







Advisories, November 1, 2006

Nov 02, 2006, 05:30

Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: qt security update
Advisory ID: RHSA-2006:0725-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0725.html
Issue date: 2006-11-01
Updated on: 2006-11-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4811


1. Summary:

Updated qt packages that correct an integer overflow flaw are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811)
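The bug class named above, as an added example (not Qt's code and not part of the advisory): a pixmap buffer size computed in 32-bit arithmetic wraps for large dimensions, so the allocation ends up far smaller than the image, while a 64-bit computation with a cap rejects the request. The function names, the 256 MiB cap and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example: refuse pixmaps larger than 256 MiB. */
#define MAX_PIXMAP_BYTES ((uint64_t)256 * 1024 * 1024)

/* Vulnerable pattern: every step is 32-bit unsigned and wraps silently. */
static uint32_t pixmap_bytes_unchecked(uint32_t width, uint32_t height,
                                       uint32_t depth_bits)
{
    uint32_t bytes_per_line = (width * depth_bits + 7u) / 8u;
    return bytes_per_line * height;
}

/*
 * Hardened pattern: compute in 64 bits and compare against the cap before
 * multiplying by the height. Returns 0 and stores the size in *out, or -1
 * if a dimension is zero, the depth is out of range, or the size is too big.
 */
static int pixmap_bytes_checked(uint32_t width, uint32_t height,
                                uint32_t depth_bits, size_t *out)
{
    uint64_t bytes_per_line;

    if (width == 0 || height == 0 || depth_bits == 0 || depth_bits > 32)
        return -1;

    /* width < 2^32 and depth_bits <= 32, so this stays below 2^38. */
    bytes_per_line = ((uint64_t)width * depth_bits + 7u) / 8u;

    /* Division form of "bytes_per_line * height > cap"; it cannot overflow. */
    if (bytes_per_line > MAX_PIXMAP_BYTES / height)
        return -1;

    *out = (size_t)(bytes_per_line * height);
    return 0;
}

/* Allocate a zeroed pixmap buffer, or return NULL if the size is rejected. */
static void *pixmap_alloc(uint32_t width, uint32_t height, uint32_t depth_bits)
{
    size_t n;

    if (pixmap_bytes_checked(width, height, depth_bits, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions: the true size is 65537 * 65537 bytes. */
    uint32_t w = 65537u, h = 65537u, depth = 8u;
    size_t n = 0;
    void *p;

    printf("unchecked size: %u bytes\n",
           (unsigned)pixmap_bytes_unchecked(w, h, depth));
    printf("checked result: %d\n", pixmap_bytes_checked(w, h, depth, &n));

    p = pixmap_alloc(640u, 480u, 32u);
    printf("640x480x32 allocation %s\n", p ? "succeeded" : "failed");
    free(p);
    return 0;
}
```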

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

211829 - CVE-2006-4811 qt integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/qt-2.3.1-12.EL2.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/qt-3.1.2-14.RHEL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/qt-3.3.3-10.RHEL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0202-1
Published: 2006-11-01
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Remote Deterministic Denial of Service
Updated Versions:
      wireshark=/conary.rpath.com@rpl:devel//1/0.99.4-0.1-1
      tshark=/conary.rpath.com@rpl:devel//1/0.99.4-0.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4805

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5468

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5469

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5740

    https://issues.rpath.com/browse/RPL-746

Description:
Previous versions of the wireshark and tshark packages, and all versions of the ethereal and tethereal packages, are vulnerable to several remote Denial of Service attacks which can cause the application to crash. None of these vulnerabilities is currently believed to enable remote unauthorized access.

The fixes are available only as part of the wireshark package. Development of the ethereal program has ceased under the ethereal name and continued under the wireshark name, due to restrictions on the use of the "ethereal" trademark. The latest versions of the ethereal and tethereal packages in rPath Linux 1 are now redirects to the wireshark and tshark packages. The command "conary update ethereal tethereal" will cause the ethereal and tethereal packages on the system to be replaced by wireshark and tshark, respectively. The "conary updateall" command will also appropriately migrate the system from ethereal to wireshark.

Ubuntu


Ubuntu Security Notice USN-370-1 October 31, 2006
screen vulnerability
CVE-2006-4573

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
screen 4.0.2-4.1ubuntu2.5.04

Ubuntu 5.10:
screen 4.0.2-4.1ubuntu2.5.10

Ubuntu 6.06 LTS:
screen 4.0.2-4.1ubuntu5.6.06

Ubuntu 6.10:
screen 4.0.2-4.1ubuntu5.6.10

After a standard system upgrade you need to restart any running screen sessions to effect the necessary changes.

Details follow:

cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code.



Ubuntu Security Notice USN-371-1 October 31, 2006
ruby1.8 vulnerability
CVE-2006-5467

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libruby1.8 1.8.1+1.8.2pre4-1ubuntu0.5

Ubuntu 5.10:
libruby1.8 1.8.2-9ubuntu1.3

Ubuntu 6.06 LTS:
libruby1.8 1.8.4-1ubuntu1.2

Ubuntu 6.10:
libruby1.8 1.8.4-5ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.5.diff.gz
      Size/MD5: 36237 4cf0186e529c8572e63c3e5fa23b8490
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.5.dsc
      Size/MD5: 1408 6840b3026fe9ff9c2d1b3bfc9439537a
    http://security.ubuntu.com/ubuntu/pool/main/r/ruby1.8/ruby1.8_1.8.1+1.8.2pre4.orig.tar.gz
      Size/MD5: 3598517 1bf195093ed5279412f1047f70fafded

Architecture independent packages:


amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libstrscan-ruby1.8_1.8.1+1.8.2pre