Updated qt3 qt4 & qtbase5 packages fix security vulnerabilities
Publication date: 06 May 2015Modification date: 06 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1858 , CVE-2015-1859 , CVE-2015-1860
Description
Updated qt3, qt4, and qtbase5 packages fix security vulnerabilities:
It is possible to construct invalid BMP (CVE-2015-1858), ICO (CVE-2015-1859)
and GIF (CVE-2015-1860) images that lead to buffer overflows.
Qt3 is only vulnerable to the CVE-2015-1860 issue with GIF images.
References
- https://bugs.mageia.org/show_bug.cgi?id=15750
- https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
- https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
- http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
SRPMS
4/core
- qt3-3.3.8b-33.4.mga4
- qt4-4.8.6-1.3.mga4
- qtbase5-5.2.0-2.5.mga4