(Mandrake Issues Fix) Qt Image File Buffer Overflows May Let Remote Users Execute Arbitrary Code or Crash the System
|
|
SecurityTracker Alert ID: 1010987 |
|
SecurityTracker URL: http://securitytracker.com/id/1010987
|
|
CVE Reference:
CAN-2004-0691, CAN-2004-0692, CAN-2004-0693
(Links to External Site)
|
Date: Aug 19 2004
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.3.2
|
Description:
Several vulnerabilities were reported in Qt. A remote user can create a specially crafted image file that, when viewed by the target user, will execute arbitrary code.
It is reported that Chris Evans discovered a heap-based buffer overflow in the Qt library in the processing of 8-bit RLE encoded BMP files. A remote user can create a specially crafted BMP file that, when viewed by the target user, will execute arbitrary code on the target user's system.
It is also reported that the handlers for XPM, GIF, and JPEG image types are also vulnerable.
[Editor's note: It appears that these flaws are related to the recently reported libpng vulnerabilities. However, we are issuing a separate alert because, according to Mandrake, separate CVE numbers have been issued.]
|
Impact:
A remote user may be able to cause an affected application to crash or execute arbitrary code. The specific impact depends on the application using Qt.
|
Solution:
Mandrake has released a fix.
Mandrakelinux 10.0:
21a786e53866b3071faf0c8ea1c8b729 10.0/RPMS/libqt3-3.2.3-19.2.100mdk.i586.rpm
f9a5891b174fc577eb3fc54e56a682d6 10.0/RPMS/libqt3-devel-3.2.3-19.2.100mdk.i586.rpm
564544fb071708fc02e9ab11330368f8 10.0/RPMS/libqt3-mysql-3.2.3-19.2.100mdk.i586.rpm
cf5a7257a4cce067050cde773e312462 10.0/RPMS/libqt3-odbc-3.2.3-19.2.100mdk.i586.rpm
b77aeed4530fc4738c9c12b4af07b075 10.0/RPMS/libqt3-psql-3.2.3-19.2.100mdk.i586.rpm
e2f788f8122f993621593204f99d86de 10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.i586.rpm
694a3cff5aa940e2d7f4dc2c5eefeb16 10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.i586.rpm
9349845dc7b64c0beeed1be6b16267c6 10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ee3473b5e34eb683a3643240c659ffcc amd64/10.0/RPMS/lib64qt3-3.2.3-19.2.100mdk.amd64.rpm
b15b7d5b23125b9d564b92cf93febcdc amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.2.100mdk.amd64.rpm
1b68d045c0037d08b63a795ac1e53bd7 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.2.100mdk.amd64.rpm
2c442445182e657e54bb74f5d9144654 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.2.100mdk.amd64.rpm
bbd265dad6cff808a4e9ca273ef05611 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.2.100mdk.amd64.rpm
60563c190b4da887cd805f714769345e amd64/10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.amd64.rpm
3876d1490ea3dee84ceb2bcedb46aa24 amd64/10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.amd64.rpm
9349845dc7b64c0beeed1be6b16267c6 amd64/10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 9.2:
1ad7ba2889f42f3509d5f598fa3ed886 9.2/RPMS/libqt3-3.1.2-15.4.92mdk.i586.rpm
4d24014ae885c403535cbeef08ff7903 9.2/RPMS/libqt3-devel-3.1.2-15.4.92mdk.i586.rpm
d727939706c9ce02da6b6d571f8385ba 9.2/RPMS/libqt3-mysql-3.1.2-15.4.92mdk.i586.rpm
9c375f83090adb8dde8600c1a4efa78c 9.2/RPMS/libqt3-odbc-3.1.2-15.4.92mdk.i586.rpm
5d957b60606594817142e5266eacbefe 9.2/RPMS/libqt3-psql-3.1.2-15.4.92mdk.i586.rpm
62aca38f15c5fb48505ddd9090d34cf5 9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.i586.rpm
13f5e3b7863e05c37cdf2a696aac870f 9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.i586.rpm
94edf3bf024e2fd75009a81101ec594b 9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
94a17b47ecffd42bce0adac5d84e47ad amd64/9.2/RPMS/lib64qt3-3.1.2-15.4.92mdk.amd64.rpm
c16857f3695c52ddc9b8128200d459f4 amd64/9.2/RPMS/lib64qt3-devel-3.1.2-15.4.92mdk.amd64.rpm
48f7ddd93ca67c1abe158d07fb45633d amd64/9.2/RPMS/lib64qt3-mysql-3.1.2-15.4.92mdk.amd64.rpm
068ae44a1df137a5c03f34ee0a708a58 amd64/9.2/RPMS/lib64qt3-odbc-3.1.2-15.4.92mdk.amd64.rpm
028ab20a009637885e78542c9724a027 amd64/9.2/RPMS/lib64qt3-psql-3.1.2-15.4.92mdk.amd64.rpm
2827dfd029093b8c2564d23750642c1d amd64/9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.amd64.rpm
9b360daab6dfc57a15d6ad0e6dff8f35 amd64/9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.amd64.rpm
94edf3bf024e2fd75009a81101ec594b amd64/9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
|
Vendor URL: www.trolltech.com/newsroom/announcements/00000174.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Mandriva/Mandrake)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: 18 Aug 2004 23:23:55 -0000
Subject: [Security Announce] MDKSA-2004:085 - Updated qt3 packages fix
|
This is a multi-part message in MIME format...
------------=_1092871869-595-6248
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: qt3
Advisory ID: MDKSA-2004:085
Date: August 18th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Chris Evans discovered a heap-based overflow in the QT library when
handling 8-bit RLE encoded BMP files. This vulnerability could allow
for the compromise of the account used to view or browse malicious
BMP files. On subsequent investigation, it was also found that the
handlers for XPM, GIF, and JPEG image types were also faulty.
These problems affect all applications that use QT to handle image
files, such as QT-based image viewers, the Konqueror web browser,
and others.
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
21a786e53866b3071faf0c8ea1c8b729 10.0/RPMS/libqt3-3.2.3-19.2.100mdk.i586.rpm
f9a5891b174fc577eb3fc54e56a682d6 10.0/RPMS/libqt3-devel-3.2.3-19.2.100mdk.i586.rpm
564544fb071708fc02e9ab11330368f8 10.0/RPMS/libqt3-mysql-3.2.3-19.2.100mdk.i586.rpm
cf5a7257a4cce067050cde773e312462 10.0/RPMS/libqt3-odbc-3.2.3-19.2.100mdk.i586.rpm
b77aeed4530fc4738c9c12b4af07b075 10.0/RPMS/libqt3-psql-3.2.3-19.2.100mdk.i586.rpm
e2f788f8122f993621593204f99d86de 10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.i586.rpm
694a3cff5aa940e2d7f4dc2c5eefeb16 10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.i586.rpm
9349845dc7b64c0beeed1be6b16267c6 10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ee3473b5e34eb683a3643240c659ffcc amd64/10.0/RPMS/lib64qt3-3.2.3-19.2.100mdk.amd64.rpm
b15b7d5b23125b9d564b92cf93febcdc amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.2.100mdk.amd64.rpm
1b68d045c0037d08b63a795ac1e53bd7 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.2.100mdk.amd64.rpm
2c442445182e657e54bb74f5d9144654 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.2.100mdk.amd64.rpm
bbd265dad6cff808a4e9ca273ef05611 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.2.100mdk.amd64.rpm
60563c190b4da887cd805f714769345e amd64/10.0/RPMS/qt3-common-3.2.3-19.2.100mdk.amd64.rpm
3876d1490ea3dee84ceb2bcedb46aa24 amd64/10.0/RPMS/qt3-example-3.2.3-19.2.100mdk.amd64.rpm
9349845dc7b64c0beeed1be6b16267c6 amd64/10.0/SRPMS/qt3-3.2.3-19.2.100mdk.src.rpm
Mandrakelinux 9.2:
1ad7ba2889f42f3509d5f598fa3ed886 9.2/RPMS/libqt3-3.1.2-15.4.92mdk.i586.rpm
4d24014ae885c403535cbeef08ff7903 9.2/RPMS/libqt3-devel-3.1.2-15.4.92mdk.i586.rpm
d727939706c9ce02da6b6d571f8385ba 9.2/RPMS/libqt3-mysql-3.1.2-15.4.92mdk.i586.rpm
9c375f83090adb8dde8600c1a4efa78c 9.2/RPMS/libqt3-odbc-3.1.2-15.4.92mdk.i586.rpm
5d957b60606594817142e5266eacbefe 9.2/RPMS/libqt3-psql-3.1.2-15.4.92mdk.i586.rpm
62aca38f15c5fb48505ddd9090d34cf5 9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.i586.rpm
13f5e3b7863e05c37cdf2a696aac870f 9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.i586.rpm
94edf3bf024e2fd75009a81101ec594b 9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
94a17b47ecffd42bce0adac5d84e47ad amd64/9.2/RPMS/lib64qt3-3.1.2-15.4.92mdk.amd64.rpm
c16857f3695c52ddc9b8128200d459f4 amd64/9.2/RPMS/lib64qt3-devel-3.1.2-15.4.92mdk.amd64.rpm
48f7ddd93ca67c1abe158d07fb45633d amd64/9.2/RPMS/lib64qt3-mysql-3.1.2-15.4.92mdk.amd64.rpm
068ae44a1df137a5c03f34ee0a708a58 amd64/9.2/RPMS/lib64qt3-odbc-3.1.2-15.4.92mdk.amd64.rpm
028ab20a009637885e78542c9724a027 amd64/9.2/RPMS/lib64qt3-psql-3.1.2-15.4.92mdk.amd64.rpm
2827dfd029093b8c2564d23750642c1d amd64/9.2/RPMS/qt3-common-3.1.2-15.4.92mdk.amd64.rpm
9b360daab6dfc57a15d6ad0e6dff8f35 amd64/9.2/RPMS/qt3-example-3.1.2-15.4.92mdk.amd64.rpm
94edf3bf024e2fd75009a81101ec594b amd64/9.2/SRPMS/qt3-3.1.2-15.4.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBI+ULmqjQ0CJFipgRAmdXAKC7hturueBTjarpapKdBJme3BXyOQCfTxwq
qY49C///vNOST/+CT6hvifY=
=Ebjy
-----END PGP SIGNATURE-----
------------=_1092871869-595-6248
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
------------=_1092871869-595-6248--
|
|
