1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilitie

    From Giuseppe Iuculano@1:229/2 to All on Tue Feb 2 23:50:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------ Debian Security Advisory DSA-1988-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano February 02, 2010 http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Packages : qt4-x11
    Vulnerability : several vulnerabilities
    Problem type : local (remote)
    Debian-specific: no
    CVE Ids : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
    CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713
    CVE-2009-1725 CVE-2009-2700
    Debian Bugs : 532718 534946 538347 545793


    Several vulnerabilities have been discovered in qt4-x11, a cross-platform
    C++ application framework.
    The Common Vulnerabilities and Exposures project identifies the
    following problems:

    CVE-2009-0945

    Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code.


    CVE-2009-1687

    The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to
    execute arbitrary code or cause a denial of service (memory corruption
    and application crash) via a crafted HTML document that triggers write
    access to an "offset of a NULL pointer.


    CVE-2009-1690

    Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of
    an HTML tag that causes child elements to be freed and later accessed
    when an HTML error occurs.


    CVE-2009-1698

    WebKit in qt4-x11 does not initialize a pointer during handling of a
    Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or
    cause a denial of service (memory corruption and application crash) via
    a crafted HTML document.


    CVE-2009-1699

    The XSL stylesheet implementation in WebKit, as used in qt4-x11 does
    not properly handle XML external entities, which allows remote attackers to read
    arbitrary files via a crafted DTD.


    CVE-2009-1711

    WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial
    of service (application crash) via a crafted HTML document.


    CVE-2009-1712

    WebKit in qt4-x11 does not prevent remote loading of local Java applets,
    which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.


    CVE-2009-1713

    The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones.


    CVE-2009-1725

    WebKit in qt4-x11 does not properly handle numeric character references,
    which allows remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption and application crash) via a
    crafted HTML document.


    CVE-2009-2700

    qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.



    The oldstable distribution (etch) is not affected by these problems.

    For the stable distribution (lenny), these problems have been fixed in
    version 4.4.3-1+lenny1.

    For the testing distribution (squeeze) and the unstable distribution
    (sid), these problems have been fixed in version 4.5.3-1.


    We recommend that you upgrade your qt4-x11 packages.

    Upgrade instructions
    - --------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    Source archives:

    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3.orig.tar.gz
    Size/MD5 checksum: 112939803 376c003317c4417326ba2116370227d0
    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3-1+lenny1.diff.gz
    Size/MD5 checksum: 113988 44e1d7b1418a2ea5811b2ba390c6e5e2
    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3-1+lenny1.dsc
    Size/MD5 checksum: 2517 a643e142a0548df25f447e5147e36434

    Architecture independent packages:

    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.4.3-1+lenny1_all.deb
    Size/MD5 checksum: 52927996 d4f9f1f38e28b02b57f77631c80936c5
    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc-html_4.4.3-1+lenny1_all.deb
    Size/MD5 checksum: 26654448 7e65171932e77223aa5b1393daec55f5

    alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 30804 242795a7b4b6b75655d0c2a1900b4f96
    http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 256632 ea070e02a8243c8b73463820aa18c16c
    http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 194438 7639b8b9266a76ffa2880e10b265bfd0
    http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 64780 2e260f7f62771c80884a2a35dcb9b449
    http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 1642920 05ec919d8ff16f4e5bc9a3e3b0ce6718
    http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_alpha.deb
    Size/MD5 checksum: 54143826 a8112a75ecbdf5bf5fba60c5ffcf6639

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)