Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200712-08 ] AMD64 x86 emulation Qt library: Multiple vulnerabilities
Date: Sun, 09 Dec 2007 22:18:09
Message-Id: 475C6665.8020805@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200712-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: AMD64 x86 emulation Qt library: Multiple vulnerabilities
      Date: December 09, 2007
      Bugs: #189536
        ID: 200712-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the AMD64 x86 emulation Qt library may lead
to the remote execution of arbitrary code in Qt applications.

Background
==========

Qt is a cross-platform GUI framework, which is used e.g. by KDE. The
AMD64 x86 emulation Qt library packages Qt libraries for 32bit x86
emulation on AMD64.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  emul-linux-x86-qtlibs     < 20071114-r2            >= 20071114-r2
    -------------------------------------------------------------------
     # Package 1 only applies to AMD64 users.

Description
===========

The Qt versions used by the AMD64 x86 emulation Qt libraries were
vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28).

Impact
======

An attacker could trigger one of the vulnerabilities by causing a Qt
application to parse specially crafted text or Unicode strings, which
may lead to the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All AMD64 x86 emulation Qt library users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-20071114-r2"

References
==========

  [ 1 ] GLSA 200708-16
        http://www.gentoo.org/security/en/glsa/glsa-200708-16.xml
  [ 2 ] GLSA 200710-28
        http://www.gentoo.org/security/en/glsa/glsa-200710-28.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200712-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXGZluhJ+ozIKI5gRAj5ZAJ40lr7zEtqcXN8aHlK8p/6bDUOGvQCfVvmC
GGeXoBiDVsdlOTvGI72PidQ=
=hDrS
-----END PGP SIGNATURE-----
--
gentoo-announce@g.o mailing list
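
Added example (not part of the signed advisory or of Gentoo's tooling): a POSIX shell check that compares installed emul-linux-x86-qtlibs versions against the first unaffected version in the "Affected packages" table, before or after running the Resolution commands. It assumes the Portage installed-package database lives at /var/db/pkg and handles only the DATE[-rN] version scheme this package uses; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: is the installed emul-linux-x86-qtlibs older than the fix?
FIXED="20071114-r2"        # first unaffected version, from the advisory table
PKG="emul-linux-x86-qtlibs"

# split_ver "DATE[-rN]" -> "DATE N"; a version without -rN is revision 0.
split_ver() {
    case "$1" in
        *-r[0-9]*) echo "${1%-r*} ${1##*-r}" ;;
        *)         echo "$1 0" ;;
    esac
}

# is_vulnerable VERSION -> 0 if VERSION < FIXED, 1 if not, 2 if unparsable.
is_vulnerable() {
    set -- $(split_ver "$1") $(split_ver "$FIXED")
    [ $# -eq 4 ] || return 2
    case "$1$2$3$4" in *[!0-9]*) return 2 ;; esac
    [ "$1" -lt "$3" ] && return 0
    [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ] && return 0
    return 1
}

# installed_versions [VDB] -> installed versions, one per line, taken from
# the Portage installed-package database (assumed at /var/db/pkg).
installed_versions() {
    for d in "${1:-/var/db/pkg}"/app-emulation/"$PKG"-[0-9]*; do
        [ -d "$d" ] && echo "${d##*/$PKG-}"
    done
    return 0
}

# check_host [VDB] -> one status line per installed version; returns 1 if
# any version is vulnerable or cannot be parsed.
check_host() {
    rc=0
    for v in $(installed_versions "$1"); do
        st=0; is_vulnerable "$v" || st=$?
        case $st in
            0) echo "VULNERABLE $v (< $FIXED)"; rc=1 ;;
            1) echo "ok $v (>= $FIXED)" ;;
            *) echo "UNKNOWN $v (not DATE[-rN])"; rc=1 ;;
        esac
    done
    return $rc
}
```

Source the file and call check_host with no argument to inspect the local system, or pass the path of a copied package database from another host.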