__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

Qt Security Update
[Red Hat RHSA-2007:0883-2]

September 17, 2007 17:00 GMT
Number R-350
[REVISED 8 Oct 2007]
______________________________________________________________________________
PROBLEM: A flaw was found in the way Qt expanded certain UTF8 characters, and a buffer overflow was found in the way Qt expanded malformed Unicode strings.

PLATFORM:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Desktop (v. 3, v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  SGI Security Advisory 20070901-01-P for SGI ProPack 3 Service Pack 6

DAMAGE: Could lead to a Denial of Service or possibly allow the execution of arbitrary code.

SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is LOW. Could lead to a Denial of Service or possibly allow the execution of arbitrary code.
______________________________________________________________________________
LINKS:
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-350.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2007-0883.html
  ADDITIONAL LINKS:
    https://rhn.redhat.com/errata/RHSA-2007-0909.html
    http://www.sgi.com/support/security/advisories.html
  CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2007-0242 CVE-2007-4137
______________________________________________________________________________
REVISION HISTORY:
  10/08/2007 - revised R-350 to add links to Red Hat RHSA-2007:0909-5 for RHEL Desktop Workstation (v. 5 client), Red Hat Desktop (v. 4), Red Hat Enterprise Linux (v. 5 server), AS, ES, WS (v. 4), Desktop (v. 5 client), and SGI Security Advisory 20070901-01-P for SGI ProPack 3 Service Pack 6.

[***** Start Red Hat RHSA-2007:0883-2 *****]

qt security update

Advisory: RHSA-2007:0883-2
Type: Security Advisory
Severity: Important
Issued on: 2007-09-13
Last updated on: 2007-09-13
Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS (v. 2.1)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 2.1)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 2.1)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20070883.xml
CVEs (cve.mitre.org): CVE-2007-0242 CVE-2007-4137

Details

Updated qt packages that correct two security flaws are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues.
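To confirm that a host has actually received the upgrade, the sketch below compares an installed-package inventory against the fixed builds named in RHSA-2007:0883 (qt-2.3.1-14.EL2, qt-3.1.2-17.RHEL3, qt-3.3.3-13.RHEL4, qt-3.3.6-23.el5). It is an added example, not part of the CIAC or Red Hat text; it assumes the inventory was produced with rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n', that package epochs are unchanged, and the sample inventory is constructed.

```python
import re

# Fixed (version, release) per dist tag, taken from the advisory's package names.
FIXED = {
    "EL2": ("2.3.1", "14.EL2"),
    "RHEL3": ("3.1.2", "17.RHEL3"),
    "RHEL4": ("3.3.3", "13.RHEL4"),
    "el5": ("3.3.6", "23.el5"),
}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Classic rpm segment comparison (no '~' or '^' handling): -1, 0 or 1."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            # Compare numbers without converting: strip zeros, longer wins.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # All shared segments equal: the string with segments left over is newer.
    return 1 if len(sa) > len(sb) else -1


def check(inventory):
    """Map each qt 3.x/2.x package name in the inventory to a status string."""
    result = {}
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not a NAME VERSION RELEASE line
        name, version, release = parts
        if name != "qt" and not name.startswith("qt-"):
            continue  # other packages (including qt4) are out of scope here
        # Find the dist tag anywhere in the release, e.g. "23.el5_1.1" -> el5.
        dist = next((t for t in re.split(r"[._]", release) if t in FIXED), None)
        if dist is None:
            result[name] = "unknown-dist"
            continue
        fixed_version, fixed_release = FIXED[dist]
        cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        result[name] = "needs-update" if cmp < 0 else "ok"
    return result


# Constructed sample inventory (not real host data).
SAMPLE = """\
qt 3.3.6 20.el5
qt-devel 3.3.6 23.el5
qt-MySQL 3.3.3 13.RHEL4
qt-designer 3.1.2 14.RHEL3
qt-config 3.3.6 23.el5_1.1
qt-ODBC 3.3.8 5.fc7
qt4 4.2.1 1.el5
bash 3.2 21.el5
"""

if __name__ == "__main__":
    for package, status in sorted(check(SAMPLE).items()):
        print(f"{package:12} {status}")
```

Packages reported as unknown-dist carry a release tag the advisory does not cover and need to be checked against their own vendor's errata.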
Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

Bugs fixed (see bugzilla for more information)

234633 - CVE-2007-0242 QT UTF8 improper character expansion
269001 - CVE-2007-4137 QT off by one buffer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0883-2 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH.
CIAC can be contacted at:

  Voice:   +1 925-422-8193 (7x24)
  FAX:     +1 925-423-8002
  STU-III: +1 925-423-2604
  E-mail:  ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive.

  World Wide Web: http://www.ciac.org/
  Anonymous FTP:  ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.