What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6573
2015-04-22 16:51:38
--------------------------------------------------------------------------------

Name        : qt3
Product     : Fedora 20
Version     : 3.3.8b
Release     : 63.fc20
URL         : http://www.troll.no
Summary     : The shared library for the Qt 3 GUI toolkit
Description :
Qt is a GUI software toolkit which simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications
for the X Window System.

Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run Qt 3
applications, as well as the README files for Qt 3.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4.

(Please note that Qt 3 is NOT vulnerable to the simultaneously published issues CVE-2015-1858 and CVE-2015-1859.)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 21 2015 Kevin Kofler  - 3.3.8b-63
- backport CVE-2015-1860 (GIF handler buffer overflow, #1210675) fix from Qt 4
* Sat Feb 28 2015 Kevin Kofler  - 3.3.8b-62
- backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4
* Fri Feb 27 2015 Rex Dieter  3.3.8b-61
- rebuild (gcc5)
* Sun Aug 17 2014 Fedora Release Engineering  - 3.3.8b-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering  - 3.3.8b-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 29 2014 Kevin Kofler  - 3.3.8b-58
- backport CVE-2014-0190 (GIF image handler DoS, QTBUG-38367) fix from Qt 4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210675 - CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1210675
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update qt3' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 20: qt3 Security Update

May 1, 2015
This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possib...

Summary

Qt is a GUI software toolkit which simplifies the task of writing and

maintaining GUI (Graphical User Interface) applications

for the X Window System.

Qt is written in C++ and is fully object-oriented.

This package contains the shared library needed to run Qt 3

applications, as well as the README files for Qt 3.

Update Information:

This update fixes CVE-2015-1860, a buffer overflow when loading some specific invalid GIF image files, which could be exploited for denial of service (application crash) and possibly even arbitrary code execution attacks. The security patch is backported from Qt 4.

(Please note that Qt 3 is NOT vulnerable to the simultaneously published issues CVE-2015-1858 and CVE-2015-1859.)

Change Log

* Tue Apr 21 2015 Kevin Kofler - 3.3.8b-63 - backport CVE-2015-1860 (GIF handler buffer overflow, #1210675) fix from Qt 4 * Sat Feb 28 2015 Kevin Kofler - 3.3.8b-62 - backport CVE-2015-0295 (BMP image handler DoS, #1197275) fix from Qt 4 * Fri Feb 27 2015 Rex Dieter 3.3.8b-61 - rebuild (gcc5) * Sun Aug 17 2014 Fedora Release Engineering - 3.3.8b-60 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering - 3.3.8b-59 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 29 2014 Kevin Kofler - 3.3.8b-58 - backport CVE-2014-0190 (GIF image handler DoS, QTBUG-38367) fix from Qt 4

References

[ 1 ] Bug #1210675 - CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1210675

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update qt3' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : qt3
Product : Fedora 20
Version : 3.3.8b
Release : 63.fc20
URL : http://www.troll.no
Summary : The shared library for the Qt 3 GUI toolkit

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

Oct 19, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo