Synopsis:    Moderate: qt security update
Issue Date:  2011-09-21
CVE Numbers: CVE-2011-3193
              CVE-2011-3194


Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against 
Qt, it could cause the application to crash or, possibly, execute 
arbitrary code with the privileges of the user running the application.
(CVE-2011-3193)

A buffer overflow flaw was found in the way Qt handled certain 
gray-scale image files. If a user loaded a specially-crafted gray-scale 
image file with an application linked against Qt, it could cause the 
application to crash or, possibly, execute arbitrary code with the 
privileges of the user running the application. (CVE-2011-3194)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications 
linked against Qt libraries must be restarted for this update to take 
effect.
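
One way to check the restart requirement above, as an added example that is not part of the original advisory: the script lists processes that still map a Qt library file that has been replaced on disk, which the kernel marks as "(deleted)" in /proc/<pid>/maps. The libQt*.so name pattern and the optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes that still map a Qt 4 library that was
# replaced on disk by the update and therefore still run the old code.

# stale_qt_pids [PROC_ROOT]
# Prints "PID<TAB>library path", once per stale library per process.
# PROC_ROOT defaults to /proc; the argument is an assumption of this
# example so the parser can also be run on a constructed directory tree.
stale_qt_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # maps fields: address perms offset dev inode pathname [(deleted)]
        # A process that exits mid-scan makes awk fail; skip it.
        awk -v pid="$pid" '
            $NF == "(deleted)" && $(NF-1) ~ /\/libQt[A-Za-z0-9]*\.so/ {
                if (!seen[$(NF-1)]++) printf "%s\t%s\n", pid, $(NF-1)
            }' "$maps" 2>/dev/null || continue
    done
    return 0
}

# Scan the live system (or the directory given as the first argument).
stale_qt_pids "${1:-/proc}"
```

Run it as root after installing the packages so that every process's maps file is readable; empty output means no running process still maps a replaced Qt library.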

SL6:
   i386
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm
      qt-x11-4.6.2-17.el6_1.1.i686.rpm
      qt-sqlite-4.6.2-17.el6_1.1.i686.rpm
      qt-postgresql-4.6.2-17.el6_1.1.i686.rpm
      qt-odbc-4.6.2-17.el6_1.1.i686.rpm
      qt-mysql-4.6.2-17.el6_1.1.i686.rpm
      qt-examples-4.6.2-17.el6_1.1.i686.rpm
      qt-devel-4.6.2-17.el6_1.1.i686.rpm
      qt-demos-4.6.2-17.el6_1.1.i686.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm
      qt-4.6.2-17.el6_1.1.i686.rpm
   noarch
      qt-doc-4.6.2-17.el6_1.1.noarch.rpm
   x86_64
      qt-mysql-4.6.2-17.el6_1.1.x86_64.rpm
      qt-odbc-4.6.2-17.el6_1.1.i686.rpm
      qt-odbc-4.6.2-17.el6_1.1.x86_64.rpm
      qt-postgresql-4.6.2-17.el6_1.1.i686.rpm
      qt-postgresql-4.6.2-17.el6_1.1.x86_64.rpm
      qt-sqlite-4.6.2-17.el6_1.1.i686.rpm
      qt-sqlite-4.6.2-17.el6_1.1.x86_64.rpm
      qt-x11-4.6.2-17.el6_1.1.i686.rpm
      qt-mysql-4.6.2-17.el6_1.1.i686.rpm
      qt-examples-4.6.2-17.el6_1.1.x86_64.rpm
      qt-devel-4.6.2-17.el6_1.1.x86_64.rpm
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.i686.rpm
      phonon-backend-gstreamer-4.6.2-17.el6_1.1.x86_64.rpm
      qt-4.6.2-17.el6_1.1.i686.rpm
      qt-4.6.2-17.el6_1.1.x86_64.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.i686.rpm
      qt-debuginfo-4.6.2-17.el6_1.1.x86_64.rpm
      qt-demos-4.6.2-17.el6_1.1.x86_64.rpm
      qt-devel-4.6.2-17.el6_1.1.i686.rpm
      qt-x11-4.6.2-17.el6_1.1.x86_64.rpm

- Scientific Linux Development Team