Description
ELSA-2011-1324: qt4 security update (MODERATE)
[4.2.1-1.1]
- Resolves: #737815, qt/harfbuzz buffer overflow, CVE-2011-3193
- Resolves: #234633, UTF-8 overlong sequence decoding vulnerability, CVE-2007-0242
Updated packages
Oracle Linux 5
Oracle Linux ia64
qt4 4.2.1-1.el5_7.1
qt4-devel 4.2.1-1.el5_7.1
qt4-doc 4.2.1-1.el5_7.1
qt4-mysql 4.2.1-1.el5_7.1
qt4-odbc 4.2.1-1.el5_7.1
qt4-postgresql 4.2.1-1.el5_7.1
qt4-sqlite 4.2.1-1.el5_7.1
Oracle Linux x86_64
qt4 4.2.1-1.el5_7.1
qt4-devel 4.2.1-1.el5_7.1
qt4-doc 4.2.1-1.el5_7.1
qt4-mysql 4.2.1-1.el5_7.1
qt4-odbc 4.2.1-1.el5_7.1
qt4-postgresql 4.2.1-1.el5_7.1
qt4-sqlite 4.2.1-1.el5_7.1
Oracle Linux i386
qt4 4.2.1-1.el5_7.1
qt4-devel 4.2.1-1.el5_7.1
qt4-doc 4.2.1-1.el5_7.1
qt4-mysql 4.2.1-1.el5_7.1
qt4-odbc 4.2.1-1.el5_7.1
qt4-postgresql 4.2.1-1.el5_7.1
qt4-sqlite 4.2.1-1.el5_7.1
Related CVEs
Related vulnerabilities
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.