Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New qt4-x11 packages fix cross-site scripting vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian ndreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1292-1                               Noah Meyerhans
May 15, 2007
- ------------------------------------------------------------------------

Package        : qt4-x11
Vulnerability  : missing input validation
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-0242
BugTraq ID     : 23269
Debian Bug     : 417391

Andreas Nolden discovered a bug in the UTF8 decoding routines in
qt4-x11, a C++ GUI library framework, that could allow remote
attackers to conduct cross-site scripting (XSS) and directory
traversal attacks via long sequences that decode to dangerous

For the stable distribution (etch), this problem has been fixed in version

For the testing and unstable distribution (lenny and sid, respectively),
this problem has been fixed in version 4.2.2-2

We recommend that you upgrade your qt4-x11 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     1390 4c2ac9fc65dc3d31b90473d7ec038f1f
    Size/MD5 checksum: 37069122 2ab1c88084f55b94809f025a8503bf18
    Size/MD5 checksum:    22806 26c69455f8d09fffdfb9413a18f69174

Architecture independent packages:
    Size/MD5 checksum: 21219244 450031c80fd48650103cb7dfb72ea4d3

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  1275656 9881f80acbf96bd8279b1ea27bd01486
    Size/MD5 checksum:  1382940 c69e58cc57b87c77332d21f9b8325f94
    Size/MD5 checksum:   804814 bdda30be03d1c5cda09caf4c3b7e8803
    Size/MD5 checksum:   354964 14a3d2e028391002861dc94d448880b4
    Size/MD5 checksum:    99652 99eddea5a7be2cfccff4689955ebe7b4
    Size/MD5 checksum: 57674544 824c85f2ab97e6f480d60730e7244e13
    Size/MD5 checksum:  4784924 76f7f0e56ad72818a905ce5f6eaf55f0
    Size/MD5 checksum:  1105144 274482c1b490076e2f05c758ec4dc495
    Size/MD5 checksum:  4983572 1805e33b31231fea005abf49c40f3f59

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:  1060908 d1132452139c18dd3d2ac96608a4c8f0
    Size/MD5 checksum:  4450316 a4c5af2560005fe85390c54f26118364
    Size/MD5 checksum:  1218820 98d8ef5491e28a96d4ce1e1392341819
    Size/MD5 checksum:  4289826 072954140ccc4baa4869479f52a22d54
    Size/MD5 checksum:   314114 3c4fbf8805f823cce3a19663749ce28f
    Size/MD5 checksum: 57719944 6623d3a7b981512c9ade3377d56f1293
    Size/MD5 checksum:  1149424 77f92b9998c9e72cd55be91743a98b74
    Size/MD5 checksum:   745864 777718c827eb9469d1b0d00e3c022f99
    Size/MD5 checksum:    93040 617ba9729040e8e807de83a42c5faff5

arm architecture (ARM)
    Size/MD5 checksum:  1055018 c366aa156f8e69a474c48564bc62c961
    Size/MD5 checksum:    93776 7a9f2fe985d327054315b9395d9a2302
    Size/MD5 checksum:  1298716 e310e6d3f68b3d253a127c9568659bce
    Size/MD5 checksum:  4541218 ffd64eb36975ea6966fa97ccc475e876
    Size/MD5 checksum: 56246534 31a36213f160a55ace99aae498e7365d
    Size/MD5 checksum:  1210244 bb4fac86e13a3517f2e44c86a9c27740
    Size/MD5 checksum:  4794816 6ed6b5646d239e646b5801c18b74acd2
    Size/MD5 checksum:   307298 a7b9d7864221d557ac0d5095e63dc4f8
    Size/MD5 checksum:   770368 8d6748f88f3a9351298e0e347f408a43

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   809216 1fe4fc9cdfe28bfad2414b4bec85af74
    Size/MD5 checksum:  1128178 b8f54f880176fe7e12895ad9064c7c93
    Size/MD5 checksum:  1340368 255976d3ae74ca14515472d488901e64
    Size/MD5 checksum: 58312188 d2f094e801e33e16a9446fe3572ca610
    Size/MD5 checksum:   355658 a95ec7dcf56c20b954aee8ff10b0f173
    Size/MD5 checksum:  4739266 4143c9da6aa61901a3625d77c5c3c153
    Size/MD5 checksum:    96074 140da2f0044b74ad4383d25ed34fc468
    Size/MD5 checksum:  5280406 781a99fd06622a1990eaabd07d2e2712
    Size/MD5 checksum:  1465076 dbd19481eb0e288eb7feeb31166821b4

i386 architecture (Intel ia32)
    Size/MD5 checksum:    94586 eb2c6657681088447e0a585adf983138
    Size/MD5 checksum:  1066694 0c65ef16a35d69e972071299e1d3a13e
    Size/MD5 checksum:  4550080 81753f24013af9c577c7eb771434afbc
    Size/MD5 checksum:  4199428 bbf899840ae7286865a92c9e17940291
    Size/MD5 checksum:   312216 48fc45a20df755a11f06e17b34800fa6
    Size/MD5 checksum: 57201286 b3050cfaf7da40499b893a10d34303f0
    Size/MD5 checksum:  1251866 754eca55b5ff761ac5bcaf210561dd72
    Size/MD5 checksum:   746044 b488d7f7346dabef14ca25337efc5b94
    Size/MD5 checksum:  1166868 5c6e7224ac092a5d662c21348bab2faf

ia64 architecture (Intel ia64)
    Size/MD5 checksum: 60656170 7b72a4b2d98515ee515a7f10c9de1054
    Size/MD5 checksum:  1157546 51a41ba4dbacde924848a945a1f81b21
    Size/MD5 checksum:  5375122 f5650dc28f8d1904477f84fa002a53ff
    Size/MD5 checksum:  1740530 5203ed92c63ece02d823fa33bba90f19
    Size/MD5 checksum:  6199458 d80d3c0c99eedff63b6232e19c5251fa
    Size/MD5 checksum:   462094 4dbedf485d1ec9b8f58da266dc8d401c
    Size/MD5 checksum:   905070 433ea41ca28261e92f47f743963f1468
    Size/MD5 checksum:  1546870 a689b021b507768cd7d0baeb2754934a
    Size/MD5 checksum:   108218 fa39a4c25e8bda9df57226b85922ac14

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   775224 97d4a39c282ca5a44ba10d74c6e1074d
    Size/MD5 checksum:  1267642 52a55aac3703510174eff514946e4621
    Size/MD5 checksum:  4575350 ee7acf7cc6cebaf05ddd3a31a1fadf27
    Size/MD5 checksum:  4509728 db94a4a237eaefa2bf447f94bc888ec9
    Size/MD5 checksum:  1093532 d0aa4bcf536d5d7989cd8071af33217c
    Size/MD5 checksum: 60613590 1b0d386bcca8a00db87ca5a4e23e402a
    Size/MD5 checksum:  1180824 54c2a87fd8d67361ebf5c78270f6a66b
    Size/MD5 checksum:   320206 7789c807a1fe31b4864c0c7807d4726f
    Size/MD5 checksum:    89790 7d8dc360830c9e26886997b7d936f865

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum: 58682414 6ccf415d98066de8c88740f333650e75
    Size/MD5 checksum:    88984 f0d917896869a60c73d04143da8eb9ed
    Size/MD5 checksum:  4501958 e639d6d42ebcf1740d89aab3d0bb2349
    Size/MD5 checksum:  1244648 a61de73073314a993b1c496269f2386b
    Size/MD5 checksum:  1165558 56cdfe56228f4997fdb4d55de9fe69c7
    Size/MD5 checksum:   767872 12efd46d666b5bba92988f8978d9de2f
    Size/MD5 checksum:  1084962 c84ae262e8e990b023b983398c2fa264
    Size/MD5 checksum:   317962 86654f4e48815b73433cc490552bac34
    Size/MD5 checksum:  4458462 b7da275811d0876147c89679719e6bda

powerpc architecture (PowerPC)
    Size/MD5 checksum:  1260698 434fe2dea53091d065a051ebdfd185df
    Size/MD5 checksum:   314962 62d1fc646a8c3bfb4088de4cf8eefd0c
    Size/MD5 checksum:   745092 1e2dbc6fcf92f9d7dd4dab742801b2b5
    Size/MD5 checksum:    92554 b8b238fa9a91213c282d6acb4a36c01a
    Size/MD5 checksum:  4305914 ec352d9fa9ba15e7ad8d3208a1f4e88f
    Size/MD5 checksum:  1091118 3adfc9ee772f23aa0d0d86be3ae7b701
    Size/MD5 checksum:  4613226 3d8e6ecb9ff861f444b04e5c0032f6d5
    Size/MD5 checksum: 59534372 abe612c0bd5106df037b8d13773474b1
    Size/MD5 checksum:  1208706 80591ac1f934fc4586cf75c3f18a2ef9

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1293112 98d87330afadfceeb02a9485ae462f09
    Size/MD5 checksum:   755026 9f57b048c549abf1d5afbce1254c0866
    Size/MD5 checksum:  1234676 e0ebb9c25313368b191a1787abf45068
    Size/MD5 checksum:   334764 0c2bc32d9b9b556c36afd728ca611dd8
    Size/MD5 checksum: 60276010 62f1448ae21529981eaf5c951e88934c
    Size/MD5 checksum:    84988 59d44e33d426d4c0cd33cc73d2408bfb
    Size/MD5 checksum:  4187694 c96e42864ad741ce3937df5b3d6a4859
    Size/MD5 checksum:  1055562 c7991163a1460813235e40bedb1a09de
    Size/MD5 checksum:  4604590 fb787e541f7e908a2de260a59c4273a3

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.