-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:151 http://www.mandriva.com/security/ _______________________________________________________________________ Package : qt3 Date : August 1, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A number of format string flaws have been discovered in how Qt handled error messages by Dirk Mueller and Tracey Parry of Portcullis Computer Security. If an application linked against Qt created an error message from user-supplied data in a certain way, it could possibly lead to the execution of arbitrary code or a denial of service. This update provides packages which are patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: ce0be0c7f6a6e866476fbfd2e21ae98c 2007.0/i586/libdesignercore1-3.3.6-18.3mdv2007.0.i586.rpm d1a44381c8f93f1b7c339f6984f7e89f 2007.0/i586/libeditor1-3.3.6-18.3mdv2007.0.i586.rpm 7b5d2c3dade2761d2cfda191b9b64007 2007.0/i586/libqassistantclient1-3.3.6-18.3mdv2007.0.i586.rpm ef5c47cca08d8c61f49cc8f5079c9530 2007.0/i586/libqt3-3.3.6-18.3mdv2007.0.i586.rpm 1351e443eb632ae1353361960674df09 2007.0/i586/libqt3-devel-3.3.6-18.3mdv2007.0.i586.rpm cdb6e25c831c6a80621fd1e2786a706a 2007.0/i586/libqt3-mysql-3.3.6-18.3mdv2007.0.i586.rpm a4a03c9d3b4fb5b8bf7bbb698085b8f9 2007.0/i586/libqt3-odbc-3.3.6-18.3mdv2007.0.i586.rpm 7853e420094557482fb5258e14c8caa3 2007.0/i586/libqt3-psql-3.3.6-18.3mdv2007.0.i586.rpm 9260fc52f792e4eb3ae17edeeedad3f9 2007.0/i586/libqt3-sqlite-3.3.6-18.3mdv2007.0.i586.rpm ad12f0dc6c5b6007c0fa326b2d853930 2007.0/i586/libqt3-static-devel-3.3.6-18.3mdv2007.0.i586.rpm c109e982693cb1698287a80c493b3961 2007.0/i586/qt3-common-3.3.6-18.3mdv2007.0.i586.rpm cfad56aa1c0ee5fd67d1e6c8090d1b6d 2007.0/i586/qt3-doc-3.3.6-18.3mdv2007.0.i586.rpm 0eccadc116d3918e43eb74600d60ad4f 2007.0/i586/qt3-example-3.3.6-18.3mdv2007.0.i586.rpm 2499a2bf3f69f77a4942a18068331ec4 2007.0/i586/qt3-tutorial-3.3.6-18.3mdv2007.0.i586.rpm 91aad72a3e393be4f71eacc89a304a4b 2007.0/SRPMS/qt3-3.3.6-18.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 457642358c8514efdf92558fc047edef 2007.0/x86_64/lib64designercore1-3.3.6-18.3mdv2007.0.x86_64.rpm 1f6eeb9a0669e741ab3a5990edf25cc6 2007.0/x86_64/lib64editor1-3.3.6-18.3mdv2007.0.x86_64.rpm 5e29145fdca5ab04e94f3c205a8703d0 2007.0/x86_64/lib64qassistantclient1-3.3.6-18.3mdv2007.0.x86_64.rpm 3e0231d5db209fbc5d991ba52c1b915a 2007.0/x86_64/lib64qt3-3.3.6-18.3mdv2007.0.x86_64.rpm 2fd65d9bf31ccacd31c28d30a1a4f107 2007.0/x86_64/lib64qt3-devel-3.3.6-18.3mdv2007.0.x86_64.rpm aa14be509decd6fa57b367b97eb60adc 2007.0/x86_64/lib64qt3-mysql-3.3.6-18.3mdv2007.0.x86_64.rpm e6ee67759c5781ed5968c9684fd812f4 2007.0/x86_64/lib64qt3-odbc-3.3.6-18.3mdv2007.0.x86_64.rpm 7a4c368159c8ffaeb1af1b84740afaf5 2007.0/x86_64/lib64qt3-psql-3.3.6-18.3mdv2007.0.x86_64.rpm 06d81033389e0295233b5798b5cdd8cb 2007.0/x86_64/lib64qt3-sqlite-3.3.6-18.3mdv2007.0.x86_64.rpm 18ce8b51725aaf658fe01f5e4ae8ac4f 2007.0/x86_64/lib64qt3-static-devel-3.3.6-18.3mdv2007.0.x86_64.rpm 6df81bd244102ae58fb02fe82959dacc 2007.0/x86_64/qt3-common-3.3.6-18.3mdv2007.0.x86_64.rpm 640ffac5c35d861992d78c35588d307c 2007.0/x86_64/qt3-doc-3.3.6-18.3mdv2007.0.x86_64.rpm 381fe2a406bde1148e70f806eec93dc6 2007.0/x86_64/qt3-example-3.3.6-18.3mdv2007.0.x86_64.rpm a9cc3c67b4567a291c92289287d72109 2007.0/x86_64/qt3-tutorial-3.3.6-18.3mdv2007.0.x86_64.rpm 91aad72a3e393be4f71eacc89a304a4b 2007.0/SRPMS/qt3-3.3.6-18.3mdv2007.0.src.rpm Mandriva Linux 2007.1: f231e74f4430c2af2d98ceea4d8a10d6 2007.1/i586/libdesignercore1-3.3.8-4.1mdv2007.1.i586.rpm a4ef440b08c6bdd01c623d45ef8bab58 2007.1/i586/libeditor1-3.3.8-4.1mdv2007.1.i586.rpm eaa9762ebeef32cac2c05e98322e7ac4 2007.1/i586/libqassistantclient1-3.3.8-4.1mdv2007.1.i586.rpm 1daa2c536a539407c5d223365402609f 2007.1/i586/libqt3-3.3.8-4.1mdv2007.1.i586.rpm a9e19c1bba726c8bfe292f794c037857 2007.1/i586/libqt3-devel-3.3.8-4.1mdv2007.1.i586.rpm 1a8907d6fd1b748bed29e14d968296fb 2007.1/i586/libqt3-mysql-3.3.8-4.1mdv2007.1.i586.rpm a8cd79d1d0da5dd44720c37c305fd38d 2007.1/i586/libqt3-odbc-3.3.8-4.1mdv2007.1.i586.rpm 3728a43c435707c1cddc5d36da39ec40 2007.1/i586/libqt3-psql-3.3.8-4.1mdv2007.1.i586.rpm 7d6804a498f307e21a3c16de14733451 2007.1/i586/libqt3-sqlite-3.3.8-4.1mdv2007.1.i586.rpm 3c60a4e503adec67a80ad3b85a94f28c 2007.1/i586/libqt3-static-devel-3.3.8-4.1mdv2007.1.i586.rpm b0cbefd80eb6ad6491455b5890fbd15d 2007.1/i586/qt3-common-3.3.8-4.1mdv2007.1.i586.rpm e4151b1dd7fef834fe9ddfbf261a8663 2007.1/i586/qt3-doc-3.3.8-4.1mdv2007.1.i586.rpm 745512805d0b5d9dac89fdae8809c69e 2007.1/i586/qt3-example-3.3.8-4.1mdv2007.1.i586.rpm 04b08ed74120fba9407c776cdefd43ef 2007.1/i586/qt3-tutorial-3.3.8-4.1mdv2007.1.i586.rpm 35b2281563c76e4702848971a8eb6adf 2007.1/SRPMS/qt3-3.3.8-4.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 0f5eccb73f8d9ccd8ee2e15299500339 2007.1/x86_64/lib64designercore1-3.3.8-4.1mdv2007.1.x86_64.rpm 8b615c6a4dc8bf00ba5e501384d62497 2007.1/x86_64/lib64editor1-3.3.8-4.1mdv2007.1.x86_64.rpm 5fbb343226162f67558eac9681a1d3a7 2007.1/x86_64/lib64qassistantclient1-3.3.8-4.1mdv2007.1.x86_64.rpm 05658b8692701ff40fee19038823970f 2007.1/x86_64/lib64qt3-3.3.8-4.1mdv2007.1.x86_64.rpm 2a500d7589d2cb2a7339bdc85e309bfd 2007.1/x86_64/lib64qt3-devel-3.3.8-4.1mdv2007.1.x86_64.rpm b8090f42b7224877ba1acdcc84438c7c 2007.1/x86_64/lib64qt3-mysql-3.3.8-4.1mdv2007.1.x86_64.rpm 5ee78ae3040a4a8820384cf719ecf671 2007.1/x86_64/lib64qt3-odbc-3.3.8-4.1mdv2007.1.x86_64.rpm 14241ab4fe05e87665820740ceb0fe7c 2007.1/x86_64/lib64qt3-psql-3.3.8-4.1mdv2007.1.x86_64.rpm fa57b309216faa3e74b22461c11d7bb4 2007.1/x86_64/lib64qt3-sqlite-3.3.8-4.1mdv2007.1.x86_64.rpm b4879b2f4f9ba825d3c0e03300f5770a 2007.1/x86_64/lib64qt3-static-devel-3.3.8-4.1mdv2007.1.x86_64.rpm 2567048cc93c595e9ba92831ab50f236 2007.1/x86_64/qt3-common-3.3.8-4.1mdv2007.1.x86_64.rpm bc4dde47830027874ceed09a612f3b60 2007.1/x86_64/qt3-doc-3.3.8-4.1mdv2007.1.x86_64.rpm 00963b8232ad87bf525a44999b3b5fc8 2007.1/x86_64/qt3-example-3.3.8-4.1mdv2007.1.x86_64.rpm 95f6570b6d8f8c65c100b1967cc77e75 2007.1/x86_64/qt3-tutorial-3.3.8-4.1mdv2007.1.x86_64.rpm 35b2281563c76e4702848971a8eb6adf 2007.1/SRPMS/qt3-3.3.8-4.1mdv2007.1.src.rpm Corporate 3.0: 1f7758f27c9c137754c3c8215e84c25a corporate/3.0/i586/libqt3-3.2.3-19.10.C30mdk.i586.rpm 6a903a7962492bd6c6e1bc257ab63660 corporate/3.0/i586/libqt3-devel-3.2.3-19.10.C30mdk.i586.rpm bf1d05273e423e3d212aa56433c05a59 corporate/3.0/i586/libqt3-mysql-3.2.3-19.10.C30mdk.i586.rpm 47611eaf3ffcce4646b02da86194085a corporate/3.0/i586/libqt3-odbc-3.2.3-19.10.C30mdk.i586.rpm b5aefe3cca08c409409e6856afc81cc9 corporate/3.0/i586/libqt3-psql-3.2.3-19.10.C30mdk.i586.rpm d45e4a0f29a78e2438f9e35f2b20aff1 corporate/3.0/i586/qt3-common-3.2.3-19.10.C30mdk.i586.rpm e8fb9ce91f15584b68f5e0595eb9eb2d corporate/3.0/i586/qt3-example-3.2.3-19.10.C30mdk.i586.rpm 066138bdd08ddacb04e374d0f0e2b629 corporate/3.0/SRPMS/qt3-3.2.3-19.10.C30mdk.src.rpm Corporate 3.0/X86_64: 3dbe8ab3bcf717dc8c26d1866cbaf910 corporate/3.0/x86_64/lib64qt3-3.2.3-19.10.C30mdk.x86_64.rpm 1007fd1df9c8da4540dcd8f9a4a7c242 corporate/3.0/x86_64/lib64qt3-devel-3.2.3-19.10.C30mdk.x86_64.rpm c5b948b0d327cb8e425c17e32a53cef7 corporate/3.0/x86_64/lib64qt3-mysql-3.2.3-19.10.C30mdk.x86_64.rpm 94606657665adcf18caf209154723b5a corporate/3.0/x86_64/lib64qt3-odbc-3.2.3-19.10.C30mdk.x86_64.rpm 2afa63aafcd40d2fb7407332d8c4f740 corporate/3.0/x86_64/lib64qt3-psql-3.2.3-19.10.C30mdk.x86_64.rpm a5c11a462da1cc91950ee516c5d12c8e corporate/3.0/x86_64/qt3-common-3.2.3-19.10.C30mdk.x86_64.rpm cf250128fcb3b2fd479a7d93a06ef4ef corporate/3.0/x86_64/qt3-example-3.2.3-19.10.C30mdk.x86_64.rpm 066138bdd08ddacb04e374d0f0e2b629 corporate/3.0/SRPMS/qt3-3.2.3-19.10.C30mdk.src.rpm Corporate 4.0: 5785e1d82182fe9cd58cc6fa2a1bed9f corporate/4.0/i586/libdesignercore1-3.3.6-1.4.20060mlcs4.i586.rpm 0b362e1e68c178ec9724d23161b944d1 corporate/4.0/i586/libeditor1-3.3.6-1.4.20060mlcs4.i586.rpm 491b686f4260d6bc0a01dbaf0993dadf corporate/4.0/i586/libqassistantclient1-3.3.6-1.4.20060mlcs4.i586.rpm 52d1f4ed88e76298dc2fed78f5ae369f corporate/4.0/i586/libqt3-3.3.6-1.4.20060mlcs4.i586.rpm 6f064b92df7038c3808c8aee32e54e8b corporate/4.0/i586/libqt3-devel-3.3.6-1.4.20060mlcs4.i586.rpm 63b08845ca757bd283955aad38ba263d corporate/4.0/i586/libqt3-mysql-3.3.6-1.4.20060mlcs4.i586.rpm 19ae9f75833a9dac2aba655e5d341ae7 corporate/4.0/i586/libqt3-odbc-3.3.6-1.4.20060mlcs4.i586.rpm 8e245edddf113347e2ede4663f3369e6 corporate/4.0/i586/libqt3-psql-3.3.6-1.4.20060mlcs4.i586.rpm e4b61a1a6cd1bcf5a230d1f86b7fc431 corporate/4.0/i586/libqt3-sqlite-3.3.6-1.4.20060mlcs4.i586.rpm 409ea3057318a5ab1cb180631df49807 corporate/4.0/i586/libqt3-static-devel-3.3.6-1.4.20060mlcs4.i586.rpm b58a7ea2af37c318bd131ca981e03fec corporate/4.0/i586/qt3-common-3.3.6-1.4.20060mlcs4.i586.rpm 1f318bd8e121220c80b7a1d5bc37c6de corporate/4.0/i586/qt3-doc-3.3.6-1.4.20060mlcs4.i586.rpm 5c7134a448ed342756e1c7a31ec9d16a corporate/4.0/i586/qt3-example-3.3.6-1.4.20060mlcs4.i586.rpm ede113df279e7f30256c1884d0e7a045 corporate/4.0/i586/qt3-tutorial-3.3.6-1.4.20060mlcs4.i586.rpm 1c624f6ef074be3be0ef1809f980b672 corporate/4.0/SRPMS/qt3-3.3.6-1.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 085733e867577d48884ba41eb55d992d corporate/4.0/x86_64/lib64designercore1-3.3.6-1.4.20060mlcs4.x86_64.rpm 57d03fc3d53110b64a19b0093c5cc6bb corporate/4.0/x86_64/lib64editor1-3.3.6-1.4.20060mlcs4.x86_64.rpm b6662f742d74a63a91afbd69dd6f0ad3 corporate/4.0/x86_64/lib64qassistantclient1-3.3.6-1.4.20060mlcs4.x86_64.rpm 7bb37136dae3066d8e9c3a0cbe9a5061 corporate/4.0/x86_64/lib64qt3-3.3.6-1.4.20060mlcs4.x86_64.rpm adb51caf14d5447741d4fc2a0632c722 corporate/4.0/x86_64/lib64qt3-devel-3.3.6-1.4.20060mlcs4.x86_64.rpm 2bd0c78e38250190a985abacc71406a8 corporate/4.0/x86_64/lib64qt3-mysql-3.3.6-1.4.20060mlcs4.x86_64.rpm 33ea7ac074afee9fe41d598b1d97e37c corporate/4.0/x86_64/lib64qt3-odbc-3.3.6-1.4.20060mlcs4.x86_64.rpm 659324555edd0e0bf30a4ca3bbd9ed14 corporate/4.0/x86_64/lib64qt3-psql-3.3.6-1.4.20060mlcs4.x86_64.rpm 55e4fa13fc3dc171f3d57d120ed5ca17 corporate/4.0/x86_64/lib64qt3-sqlite-3.3.6-1.4.20060mlcs4.x86_64.rpm 0fc343147af499022f61f2fbab5f7d03 corporate/4.0/x86_64/lib64qt3-static-devel-3.3.6-1.4.20060mlcs4.x86_64.rpm 1e3892f62ba3b6d69def7ef9e3bbbe24 corporate/4.0/x86_64/qt3-common-3.3.6-1.4.20060mlcs4.x86_64.rpm 7afeabcc5424b2f30fbff0e57e384421 corporate/4.0/x86_64/qt3-doc-3.3.6-1.4.20060mlcs4.x86_64.rpm c91eccce209509a7dc5155866a9d63cb corporate/4.0/x86_64/qt3-example-3.3.6-1.4.20060mlcs4.x86_64.rpm f6d6744eb8ac82c728458bca0b22834f corporate/4.0/x86_64/qt3-tutorial-3.3.6-1.4.20060mlcs4.x86_64.rpm 1c624f6ef074be3be0ef1809f980b672 corporate/4.0/SRPMS/qt3-3.3.6-1.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGsNXWmqjQ0CJFipgRAlFoAJ415aGJHr7UsILJ30TbecAKVm0OyACfSwf9 x6TncnS8p9nwC+bj83S1GRI= =nYwu -----END PGP SIGNATURE-----