Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2004-236-01
HistoryAug 23, 2004 - 10:10 p.m.

[slackware-security] Qt

2004-08-2322:10:53
Slackware Linux Project
www.slackware.com
28

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.335 Low

EPSS

Percentile

97.1%

JSON

New Qt packages are available for Slackware 9.0, 9.1, 10.0, and -current to
fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and
JPEG images may allow an attacker to cause unauthorized code to execute when
a specially crafted image file is processed. These flaws may also cause
crashes that lead to a denial of service.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

Here are the details from the Slackware 10.0 ChangeLog:

Mon Aug 23 12:12:58 PDT 2004
patches/packages/qt-3.3.3-i486-1.tgz: Upgraded to qt-3.3.3.
This fixes bugs in the image loading routines which could be
used by an attacker to run unauthorized code or create a
denial-of-service.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
(* Security fix *)

Where to find the new packages:

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/qt-3.1.2-i486-4.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/qt-3.2.1-i486-2.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/qt-3.3.3-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/qt-3.3.3-i486-1.tgz

MD5 signatures:

Slackware 9.0 package:
1c08c5c4565bc9705c77c68158b243ff qt-3.1.2-i486-4.tgz

Slackware 9.1 package:
0ac3036c617f3236d868524d7b04c9ac qt-3.2.1-i486-2.tgz

Slackware 10.0 package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz

Slackware -current package:
58f31da25d9e03b6d00bda1402c361ef qt-3.3.3-i486-1.tgz

Installation instructions:

Upgrade the package as root:
> upgradepkg qt-3.3.3-i486-1.tgz

Related

nessus 18
openvas 12
osv 1
freebsd 2
suse 2
debian 2
redhat 5
gentoo 1
ubuntucve 3
nvd 3
cvelist 3
cve 3
securityvulns 1
nessus
nessus
FreeBSD : qt -- image loader vulnerabilities (ebffe27a-f48c-11d8-9837-000c41e2cdad)
2004-08-23 00:00:00
RHEL 2.1 / 3 : qt (RHSA-2004:414)
2004-08-22 00:00:00
SUSE-SA:2004:027: qt3/qt3-non-mt/qt3-32bit/qt3-static
2004-08-20 00:00:00
openvas
openvas
FreeBSD Ports: qt
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200408-20 (Qt)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200408-20 (Qt)
2008-09-24 00:00:00
osv
osv
qt - unsanitised input
2004-08-30 00:00:00
freebsd
freebsd
qt -- image loader vulnerabilities
2004-08-11 00:00:00
linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-27 00:00:00
suse
suse
remote system compromise in qt3/qt3-non-mt/qt3-32bit/qt3-static
2004-08-19 14:27:45
remote file disclosure in samba
2004-10-05 14:57:32
debian
debian
[SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service
2004-08-30 13:46:03
[SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service
2004-08-30 13:46:03
redhat
redhat
(RHSA-2004:414) qt security update
2004-08-20 00:00:00
(RHSA-2004:479) XFree86 security update
2004-10-06 00:00:00
(RHSA-2004:478) XFree86 security update
2004-10-04 00:00:00
gentoo
gentoo
Qt: Image loader overflows
2004-08-22 00:00:00
ubuntucve
ubuntucve
CVE-2004-0692
2004-09-28 00:00:00
CVE-2004-0693
2004-09-28 00:00:00
CVE-2004-0691
2004-09-28 00:00:00
nvd
nvd
CVE-2004-0692
2004-09-28 04:00:00
CVE-2004-0693
2004-09-28 04:00:00
CVE-2004-0691
2004-09-28 04:00:00
cvelist
cvelist
CVE-2004-0693
2004-08-25 04:00:00
CVE-2004-0692
2004-08-25 04:00:00
CVE-2004-0691
2004-08-25 04:00:00
cve
cve
CVE-2004-0692
2004-09-28 04:00:00
CVE-2004-0693
2004-09-28 04:00:00
CVE-2004-0691
2004-09-28 04:00:00
securityvulns
securityvulns
CESA-2004-004: qt
2004-08-22 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.335 Low

EPSS

Percentile

97.1%

JSON
Related for SSA-2004-236-01
nessus18openvas12osv1freebsd2suse2debian2redhat5gentoo1ubuntucve3nvd3cvelist3cve3securityvulns1