Slackware 10.2 and 11.0 Security Advisory: Addressing Qt XSS Vulnerability
slackware
April 3, 2007
New qt packages are available for Slackware 10.2, 11.0, and -current to fix a security issue
Summary
Here are the details from the Slackware 11.0 ChangeLog: patches/packages/qt-3.3.8-i486-1_slack11.0.tgz: Patched an issue where the Qt UTF 8 decoder may in some instances fail to reject overlong sequences, possibly allowing "/../" path injection or XSS errors. For more information, see: https://www.cve.org/CVERecord?id=CVE-2007-0242 (* Security fix *)
Topics Covered
Where Find New Packages
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware -current:
MD5 Signatures
Slackware 10.2 package:
793d29a0b2ace2baf44a3f71ac9a7879 qt-3.3.4-i486-4_slack10.2.tgz
Slackware 11.0 package:
4c1a3f1c9095156a57f5292e4cb73673 qt-3.3.8-i486-1_slack11.0.tgz
Slackware -current package:
e8be820d81d7d3486ed9e210500a5e06 qt-3.3.8-i486-3.tgz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg qt-3.3.8-i486-1_slack11.0.tgz
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!