[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Redhat : RHN Errata Alert: Updated qt packages fix security issues
Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:
Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errata/errata_details.pxt?eid=2285
Security Advisory - RHSA-2004:414-19
------------------------------------------------------------------------------
Summary:
Updated qt packages fix security issues
Updated qt packages that fix security issues in several of the image
decoders are now available.
Description:
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.
During a security audit, Chris Evans discovered a heap overflow in the BMP
image decoder in Qt versions prior to 3.3.3. An attacker could create a
carefully crafted BMP file in such a way that it would cause an application
linked with Qt to crash or possibly execute arbitrary code when the file
was opened by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0691 to this issue.
Additionally, various flaws were discovered in the GIF, XPM, and JPEG
decoders in Qt versions prior to 3.3.3. An attacker could create carefully
crafted image files in such a way that it could cause an application linked
against Qt to crash when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0692 and CAN-2004-0693 to these issues.
Users of Qt should update to these updated packages which contain
backported patches and are not vulnerable to these issues.
References:
http://www.trolltech.com/developer/changes/changes-3.3.3.html
------------------------------------------------------------------------------
-------------
Taking Action
-------------
You may address the issues outlined in this advisory in two ways:
- select your server name by clicking on its name from the list
available at the following location, and then schedule an
errata update for it:
https://rhn.redhat.com/network/systemlist/system_list.pxt
- run the Update Agent on each affected server.
---------------------------------
Changing Notification Preferences
---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.
URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt
You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.
---------------------
Affected Systems List
---------------------
This Errata Advisory may apply to the systems listed below. If you know that
this errata does not apply to a system listed, it might be possible that the
package profile for that server is out of date. In that case you should run
'up2date -p' as root on the system in question to refresh your software profile.
There are 12 affected systems registered in 'Your RHN' (only systems for
which you have explicitly enabled Errata Alerts are shown).
Release Arch Profile Name
-------- -------- ------------
3AS i686 durian.nac.uci.edu
3AS i686 br.nac.uci.edu
3AS i686 hydra.nac.uci.edu
3AS i686 p02.es.uci.edu
3AS x86_64 mpc64.nacs.uci.edu
3AS x86_64 narg.nac.uci.edu
3AS i686 vesta.nac.uci.edu
3AS x86_64 pxe.es.uci.edu
3WS i686 node-xeon-4
3WS i686 node-xeon-10
3WS i686 northdome.nac.uci.edu
3WS i686 trillian.ics.uci.edu
The Red Hat Network Team
This message is being sent by Red Hat Network Alert to:
RHN user login: ucinacs
Email address on file: <root@rhn.nacs.uci.edu>
If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
https://rhn.redhat.com/forgot_password.pxt
To cancel these notices, go to:
https://rhn.redhat.com/oo.pxt?uid=3145121&oid=3699264