---

Home Security

Slackware Linux Advisory: qt

By

[slackware-security] Qt (SSA:2004-236-01)

New Qt packages are available for Slackware 9.0, 9.1, 10.0, and
-current to fix security issues. Bugs in the routines that handle
PNG, BMP, GIF, and JPEG images may allow an attacker to cause
unauthorized code to execute when a specially crafted image file is
processed. These flaws may also cause crashes that lead to a denial
of service.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

Here are the details from the Slackware 10.0 ChangeLog:
+————————–+
Mon Aug 23 12:12:58 PDT 2004
patches/packages/qt-3.3.3-i486-1.tgz: Upgraded to qt-3.3.3. This
fixes bugs in the image loading routines which could be used by an
attacker to run unauthorized code or create a
denial-of-service.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

(* Security fix *)
+————————–+

Where to find the new packages:

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/qt-3.2.1-i486-2.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/qt-3.3.3-i486-1.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/qt-3.3.3-i486-1.tgz

MD5 signatures:

Slackware 9.0 package:
1c08c5c4565bc9705c77c68158b243ff qt-3.1.2-i486-4.tgz

Slackware 9.1 package:
0ac3036c617f3236d868524d7b04c9ac qt-3.2.1-i486-2.tgz

Slackware 10.0 package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz

Slackware -current package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg qt-3.3.3-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.