SCIENTIFIC-LINUX-ERRATA Archives

September 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Wed, 21 Sep 2011 15:37:47 -0500
Synopsis:    Moderate: qt security update
Issue Date:  2011-09-21
CVE Numbers: CVE-2011-3193
              CVE-2011-3194


Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against 
Qt, it could cause the application to crash or, possibly, execute 
arbitrary code with the privileges of the user running the application.
(CVE-2011-3193)

A buffer overflow flaw was found in the way Qt handled certain 
gray-scale image files. If a user loaded a specially-crafted gray-scale 
image file with an application linked against Qt, it could cause the 
application to crash or, possibly, execute arbitrary code with the 
privileges of the user running the application. (CVE-2011-3194)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications 
linked against Qt libraries must be restarted for this update to take 
effect.

SL6:
   i386
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm
      qt-x11-4.6.2-17.el6_1.1.i686.rpm
      qt-sqlite-4.6.2-17.el6_1.1.i686.rpm
      qt-postgresql-4.6.2-17.el6_1.1.i686.rpm
      qt-odbc-4.6.2-17.el6_1.1.i686.rpm
      qt-mysql-4.6.2-17.el6_1.1.i686.rpm
      qt-examples-4.6.2-17.el6_1.1.i686.rpm
      qt-devel-4.6.2-17.el6_1.1.i686.rpm
      qt-demos-4.6.2-17.el6_1.1.i686.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm
      qt-4.6.2-17.el6_1.1.i686.rpm
   noarch
      qt-doc-4.6.2-17.el6_1.1.noarch.rpm
   x86_64
      qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm
      qt-odbc-4.6.2-17.el6_1.1.i686.rpm
      qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm
      qt-postgresql-4.6.2-17.el6_1.1.i686.rpm
      qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm
      qt-sqlite-4.6.2-17.el6_1.1.i686.rpm
      qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm
      qt-x11-4.6.2-17.el6_1.1.i686.rpm
      qt-mysql-4.6.2-17.el6_1.1.i686.rpm
      qt-examples-4.6.2-17.el6_1.1.x86_64.rpm
      qt-devel-4.6.2-17.el6_1.1.x86_64.rpm
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm
      qt-4.6.2-17.el6_1.1.i686.rpm
      qt-4.6.2-17.el6_1.1.x86_64.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm
      qt-demos-4.6.2-17.el6_1.1.x86_64.rpm
      qt-devel-4.6.2-17.el6_1.1.i686.rpm
      qt-x11-4.6.2-17.el6_1.1.x86_64.rpm

- Scientific Linux Development Team
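
Added example, not part of the original advisory or of Scientific Linux tooling: once the updated packages are installed, these functions list processes that still map a Qt library already replaced on disk, i.e. the ones that still need the restart the advisory requires. The `libQt*.so` / `libphonon.so` name pattern and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Find running processes that still map a replaced (unlinked) Qt shared library.
# Assumption: Qt 4 libraries are named libQt<Module>.so.* or libphonon.so.*;
# the kernel appends "(deleted)" in /proc/<pid>/maps once the file is replaced.

# Print the distinct deleted Qt library paths found in one maps file.
stale_qt_libs() {
    # maps columns: address perms offset dev inode pathname [(deleted)]
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(Qt[A-Za-z0-9]*|phonon)\.so/ {
             print $(NF-1)
         }' "$1" | sort -u
}

# Print "pid name library" for every process under the given proc root
# (default /proc) that still has an old Qt library mapped.
scan_procs() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        # Skip processes we cannot read (not root) or that already exited.
        [ -r "$maps" ] || continue
        libs=$(stale_qt_libs "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(awk '/^Name:/ { print $2; exit }' "$root/$pid/status" 2>/dev/null) || name='?'
        printf '%s\n' "$libs" | while read -r lib; do
            printf '%s %s %s\n' "$pid" "$name" "$lib"
        done
    done
}
```

Run `scan_procs` as root so every process's maps file is readable; an empty result means no running process is still using a pre-update Qt library.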
