LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-23-2004, 06:48 PM   #1
Joey.Dale
Member
 
Registered: Jun 2003
Location: Tampa, Fl
Distribution: Gentoo, Slackware
Posts: 828

Rep: Reputation: 39
[slackware-security] Qt (SSA:2004-236-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Qt (SSA:2004-236-01)


New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to
fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and
JPEG images may allow an attacker to cause unauthorized code to execute when
a specially crafted image file is processed. These flaws may also cause
crashes that lead to a denial of service.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0693


Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Mon Aug 23 12:12:58 PDT 2004
patches/packages/qt-3.3.3-i486-1.tgz: Upgraded to qt-3.3.3.
This fixes bugs in the image loading routines which could be
used by an attacker to run unauthorized code or create a
denial-of-service.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0693
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar...1.2-i486-4.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackwar...2.1-i486-2.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackwar...3.3-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar...3.3-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 9.0 package:
1c08c5c4565bc9705c77c68158b243ff qt-3.1.2-i486-4.tgz

Slackware 9.1 package:
0ac3036c617f3236d868524d7b04c9ac qt-3.2.1-i486-2.tgz

Slackware 10.0 package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz

Slackware -current package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg qt-3.3.3-i486-1.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBKmKmakRjwEAQIjMRAhmOAJ9j1p+YJGrJTfHTeDa1HoNX7i7/wwCfUbYp
lvBrSwNQB4OtzGjbOxeW4C0=
=WALn
-----END PGP SIGNATURE-----
 
Old 08-24-2004, 08:57 AM   #2
joe83
Member
 
Registered: Sep 2003
Location: Kennesaw GA
Distribution: Slackware-current , Slack81Zip, Smoothwall v2
Posts: 427

Rep: Reputation: 31
Talking

Thanks for the heads up and HAPPY BIRTHDAY!!!


 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Security Report - June 27 2004 Capt_Caveman Linux - Security 3 06-27-2004 01:37 AM
LQ Security Report May 28th 2004 Capt_Caveman Linux - Security 4 05-28-2004 01:26 PM
LQ Security Report - May 22nd 2004 Capt_Caveman Linux - Security 3 05-22-2004 02:41 AM
LQ Security Report - May 8th 2004 Capt_Caveman Linux - Security 3 05-08-2004 11:39 AM
Subject: [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) Anibal Slackware 0 08-21-2003 01:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration