Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
203
security advisorycriticalsecurity fixMageia 8 MGASA-2023-0231 Critical: Qt4 Out-Of-Bounds Issues
Out-of-bounds write in QtPrivate::QCommonArrayOps ::growAppend (CVE-2021-45930) QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573) . MGASA-2023-0231 - Updated qt4/qtsvg5 packages fix security vulnerability Publication date: 19 Jul 2023 URL: https://advisories.mageia.org/MGASA-2023-0231.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-45930, CVE-2023-32573 Out-of-bounds write in QtPrivate::QCommonArrayOps ::growAppend (CVE-2021-45930) QtSvg QSvgFont m_unitsPerEm initialization is mishandled. (CVE-2023-32573) References: - https://bugs.mageia.org/show_bug.cgi?id=29913 - https://ubuntu.com/security/notices/USN-5241-1 - https://lists.fedoraproject.org/archives/list/
Jul 19, 2023
•Critical
Mageia
203
security advisorypackage updateDoSMageia 8: MGASA-2021-0510 Moderate: qt4 Library Loading Risk
CVE-2020-24741, Do not attempt to load a library relative to $PWD References: - https://bugs.mageia.org/show_bug.cgi?id=29602 - https://lists.fedoraproject.org/archives/list/
Nov 18, 2021
Mageia
203
security advisorymoderateupdateMageia 7 & 8: 2021-0262 Moderate: Qt4 and Qtsvg5 Info Disclosure
An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue (CVE-2021-3481). . MGASA-2021-0262 - Updated qt4 and qtsvg5 packages fix a security vulnerability Publication date: 16 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0262.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-3481 An out of bounds read in function QRadialFetchSimd from crafted svg file may lead to information disclosure or other potential consequences. This update includes the backported upstream fix and should resolve the security issue (CVE-2021-3481). References: - https://bugs.mageia.org/show_bug.cgi?id=29014 - https://qt-project.atlassian.net//browse/QTBUG-91507 - https://lists.fedoraproject.org/archives/list/
Jun 16, 2021
Mageia
203
security advisorysecurity issuebuffer overflowMageia: 2020-0347 Critical: qt4 and qt5base Buffer Over-read
The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507). References: - https://bugs.mageia.org/show_bug.cgi?id=27173 . MGASA-2020-0347 - Updated qt4 and qt5base packages fix security vulnerability Publication date: 27 Aug 2020 URL: https://advisories.mageia.org/MGASA-2020-0347.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-17507 The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read (CVE-2020-17507). References: - https://bugs.mageia.org/show_bug.cgi?id=27173 - https://lists.fedoraproject.org/archives/list/
Aug 27, 2020
•Critical
Mageia
203
security advisorysecurity issuedivision by zeroMageia 6: 2019-0161 Critical: Qt4 Crash From Malformed PPM Image
Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp (CVE-2018-19872). . MGASA-2019-0161 - Updated qt4 packages fix security vulnerability Publication date: 12 May 2019 URL: https://advisories.mageia.org/MGASA-2019-0161.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-19872 Updated qt4 packages fix security vulnerability: A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp (CVE-2018-19872). References: - https://bugs.mageia.org/show_bug.cgi?id=24600 - https://lists.fedoraproject.org/archives/list/
May 12, 2019
•Critical
Mageia
98
security advisorymoderateRed HatRed Hat Enterprise Linux 5 RHSA-2011:1324-01 Moderate: Qt4 Input Sanitation
Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qt4 security update Advisory ID: RHSA-2011:1324-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1324.html Issue date: 2011-09-21 CVE Names: CVE-2007-0242 CVE-2011-3193 ==================================================================== 1. Summary: Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked againstQt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (https://bugzilla.redhat.com/): 234633 - CVE-2007-0242 QT UTF8 improper character expansion 733118 - CVE-2011-3193 qt/harfbuzz buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-doc-4.2.1-1.el5_7.1.i386.rpm qt4-mysql-4.2.1-1.el5_7.1.i386.rpm qt4-odbc-4.2.1-1.el5_7.1.i386.rpm qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm x86_64: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-4.2.1-1.el5_7.1.x86_64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm x86_64: qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-doc-4.2.1-1.el5_7.1.i386.rpm qt4-mysql-4.2.1-1.el5_7.1.i386.rpm qt4-odbc-4.2.1-1.el5_7.1.i386.rpm qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm ia64: qt4-4.2.1-1.el5_7.1.ia64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ia64.rpm qt4-devel-4.2.1-1.el5_7.1.ia64.rpm qt4-doc-4.2.1-1.el5_7.1.ia64.rpm qt4-mysql-4.2.1-1.el5_7.1.ia64.rpm qt4-odbc-4.2.1-1.el5_7.1.ia64.rpm qt4-postgresql-4.2.1-1.el5_7.1.ia64.rpm qt4-sqlite-4.2.1-1.el5_7.1.ia64.rpm ppc: qt4-4.2.1-1.el5_7.1.ppc.rpm qt4-4.2.1-1.el5_7.1.ppc64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ppc.rpm qt4-debuginfo-4.2.1-1.el5_7.1.ppc64.rpm qt4-devel-4.2.1-1.el5_7.1.ppc.rpm qt4-devel-4.2.1-1.el5_7.1.ppc64.rpm qt4-doc-4.2.1-1.el5_7.1.ppc.rpm qt4-mysql-4.2.1-1.el5_7.1.ppc.rpm qt4-odbc-4.2.1-1.el5_7.1.ppc.rpm qt4-postgresql-4.2.1-1.el5_7.1.ppc.rpm qt4-sqlite-4.2.1-1.el5_7.1.ppc.rpm s390x: qt4-4.2.1-1.el5_7.1.s390.rpm qt4-4.2.1-1.el5_7.1.s390x.rpm qt4-debuginfo-4.2.1-1.el5_7.1.s390.rpm qt4-debuginfo-4.2.1-1.el5_7.1.s390x.rpm qt4-devel-4.2.1-1.el5_7.1.s390.rpm qt4-devel-4.2.1-1.el5_7.1.s390x.rpm qt4-doc-4.2.1-1.el5_7.1.s390x.rpm qt4-mysql-4.2.1-1.el5_7.1.s390x.rpm qt4-odbc-4.2.1-1.el5_7.1.s390x.rpm qt4-postgresql-4.2.1-1.el5_7.1.s390x.rpm qt4-sqlite-4.2.1-1.el5_7.1.s390x.rpm x86_64: qt4-4.2.1-1.el5_7.1.i386.rpm qt4-4.2.1-1.el5_7.1.x86_64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2007-0242 https://access.redhat.com/security/cve/CVE-2011-3193 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOeiiFXlSAg2UNWIIRAjjUAJ9rg/DAsKiCaBzpimfDXYtb2SeC9ACglQdk s669t10+b0vFWbTleNEVLmk=YK8A -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 21, 2011
Red Hat
200
security advisorybuffer overflowdirectory traversalScientific Linux 5: CVE-2007-0242 Moderate: Qt4 XSS And Buffer Overflow
Moderate: qt4 security update. Date: Tue, 20 Sep 2011 14:19:43 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: FASTBUGS for SL 5x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploadedto i386: autofs-5.0.1-0.rc2.156.el5_7.1.i386.rpm boost-1.33.1-10.el5_7.3.i386.rpm boost-devel-1.33.1-10.el5_7.3.i386.rpm boost-doc-1.33.1-10.el5_7.3.i386.rpm buildsys-macros-5-5.el5.noarch.rpm certmonger-0.42-1.el5_7.1.i386.rpm ghostscript-8.70-6.el5_7.3.i386.rpm ghostscript-devel-8.70-6.el5_7.3.i386.rpm ghostscript-gtk-8.70-6.el5_7.3.i386.rpm ipa-client-2.0-14.el5_7.1.i386.rpm kdeadmin-3.5.4-4.el5.i386.rpm kdebase-3.5.4-25.el5.i386.rpm kdebase-devel-3.5.4-25.el5.i386.rpm kdeutils-3.5.4-6.el5.i386.rpm kdeutils-devel-3.5.4-6.el5.i386.rpm python-2.4.3-44.el5_7.1.i386.rpm python-devel-2.4.3-44.el5_7.1.i386.rpm python-libs-2.4.3-44.el5_7.1.i386.rpm python-tools-2.4.3-44.el5_7.1.i386.rpm switchdesk-4.0.8-7.el5.noarch.rpm switchdesk-gui-4.0.8-7.el5.noarch.rpm system-config-users-1.2.51-7.el5.noarch.rpm tkinter-2.4.3-44.el5_7.1.i386.rpm yum-rhn-plugin-0.5.4-22.el5_7.2.noarch.rpm x86_64: autofs-5.0.1-0.rc2.156.el5_7.1.x86_64.rpm boost-1.33.1-10.el5_7.3.i386.rpm boost-1.33.1-10.el5_7.3.x86_64.rpm boost-devel-1.33.1-10.el5_7.3.i386.rpm boost-devel-1.33.1-10.el5_7.3.x86_64.rpm boost-doc-1.33.1-10.el5_7.3.x86_64.rpm buildsys-macros-5-5.el5.noarch.rpm certmonger-0.42-1.el5_7.1.x86_64.rpm ghostscript-8.70-6.el5_7.3.i386.rpm ghostscript-8.70-6.el5_7.3.x86_64.rpm ghostscript-devel-8.70-6.el5_7.3.i386.rpm ghostscript-devel-8.70-6.el5_7.3.x86_64.rpm ghostscript-gtk-8.70-6.el5_7.3.x86_64.rpm ipa-client-2.0-14.el5_7.1.x86_64.rpm kdeadmin-3.5.4-4.el5.x86_64.rpm kdebase-3.5.4-25.el5.i386.rpm kdebase-3.5.4-25.el5.x86_64.rpm kdebase-devel-3.5.4-25.el5.i386.rpm kdebase-devel-3.5.4-25.el5.x86_64.rpm kdeutils-3.5.4-6.el5.x86_64.rpm kdeutils-devel-3.5.4-6.el5.x86_64.rpm python-2.4.3-44.el5_7.1.x86_64.rpm python-devel-2.4.3-44.el5_7.1.i386.rpm python-devel-2.4.3-44.el5_7.1.x86_64.rpm python-libs-2.4.3-44.el5_7.1.x86_64.rpm python-tools-2.4.3-44.el5_7.1.x86_64.rpm switchdesk-4.0.8-7.el5.noarch.rpm switchdesk-gui-4.0.8-7.el5.noarch.rpm system-config-users-1.2.51-7.el5.noarch.rpm tkinter-2.4.3-44.el5_7.1.x86_64.rpm yum-rhn-plugin-0.5.4-22.el5_7.2.noarch.rpm Date: Wed, 21 Sep 2011 14:45:29 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Moderate: qt4 on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: qt4 security update Issue Date: 2011-09-21 CVE Numbers: CVE-2007-0242 CVE-2011-3193 Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. SL5: i386 qt4-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.i386.rpm qt4-postgresql-4.2.1-1.el5_7.1.i386.rpm qt4-odbc-4.2.1-1.el5_7.1.i386.rpm qt4-mysql-4.2.1-1.el5_7.1.i386.rpm qt4-doc-4.2.1-1.el5_7.1.i386.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm x86_64 qt4-postgresql-4.2.1-1.el5_7.1.x86_64.rpm qt4-odbc-4.2.1-1.el5_7.1.x86_64.rpm qt4-mysql-4.2.1-1.el5_7.1.x86_64.rpm qt4-doc-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.x86_64.rpm qt4-devel-4.2.1-1.el5_7.1.i386.rpm qt4-debuginfo-4.2.1-1.el5_7.1.x86_64.rpm qt4-debuginfo-4.2.1-1.el5_7.1.i386.rpm qt4-4.2.1-1.el5_7.1.x86_64.rpm qt4-4.2.1-1.el5_7.1.i386.rpm qt4-sqlite-4.2.1-1.el5_7.1.x86_64.rpm - Scientific Linux Development Team . A crucial security patch for qt4 has been issued, targeting vulnerabilities in Scientific Linux. Users should update their packages and follow the guidelines to improve system security. qt4 Security Update, Scientific Linux Advisory, Buffer Overflow Issue, Directory Traversal Risk. . LinuxSecurity.com Team
Sep 21, 2011
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!