LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: February 6th, 2012
Linux Advisory Watch: February 3rd, 2012
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 11 Update: qt-4.5.3-9.fc11 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora A security flaw was found in the WebKit's Cross-Origin Resource Sharing (CORS) implementation. Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. 
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11491
2009-11-14 02:52:10.042225
--------------------------------------------------------------------------------

Name        : qt
Product     : Fedora 11
Version     : 4.5.3
Release     : 9.fc11
URL         : http://www.qtsoftware.com/
Summary     : Qt toolkit
Description :
Qt is a software toolkit for developing applications.

This package contains base tools, like string, xml, and network
handling.

--------------------------------------------------------------------------------
Update Information:

A security flaw was found in the WebKit's Cross-Origin Resource Sharing (CORS)
implementation.    Multiple security flaws (integer underflow, invalid pointer
dereference, buffer underflow and a denial of service) were found in the way
WebKit's FTP parser used to process remote FTP directory listings.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2009 Jaroslav Reznik  - 4.5.3-9
- CVE-2009-3384 - WebKit, ftp listing handling (#525788)
- CVE-2009-2816 - WebKit, MITM Cross-Origin Resource Sharing (#525789)
* Sun Nov  8 2009 Rex Dieter  - 4.5.3-8
- -x11: Requires: %{name}-sqlite(ppc-32)
* Thu Oct 29 2009 Than Ngo  - 4.5.3-7
- fix glib-even-loop issue, regression which causes
  Password dialogs get stuck
* Fri Oct 16 2009 Than Ngo  - 4.5.3-6
- subpackage sqlite plugin, add Require on qt-sqlite in qt-x11
  for assistant
* Wed Oct 14 2009 Rex Dieter  4.5.3-5
- drop needless Prereq: /etc/ld.so.conf.d
* Sat Oct 10 2009 Than Ngo  - 4.5.3-4
- fix translation build issue
- rhel cleanup
* Tue Oct  6 2009 Jaroslav Reznik  - 4.5.3-3
- disable JavaScriptCore JIT, SE Linux crashes (#527079)
* Fri Oct  2 2009 Than Ngo  - 4.5.3-2
- cleanup patches
- if ! phonon_internal, exclude more/all phonon headers
- qt-devel must Requires: phonon-devel (#520323)
* Thu Oct  1 2009 Rex Dieter  - 4.5.3-1
- qt-4.5.3
* Tue Sep 29 2009 Rex Dieter  - 4.5.2-21
- switch to external/kde phonon
* Mon Sep 28 2009 Rex Dieter  - 4.5.2-20
- use internal Qt Assistant/Designer icons
- -devel: move designer.qch,linguist.qch here
- move ownership of %_qt4_docdir, %_qt4_docdir/qch to main pkg
* Sun Sep 20 2009 Rex Dieter  - 4.5.2-19
- Missing Qt Designer icon (#476605)
* Fri Sep 11 2009 Rex Dieter  - 4.5.2-18
- drop gcc -fno-var-tracking-assignments hack (#522576)
* Fri Sep 11 2009 Than Ngo  - 4.5.2-17
- drop useless check for ossl patch, the patch works fine with old ossl
* Wed Sep  9 2009 Than Ngo  - 4.5.2-16
- add a correct system_ca_certificates patch
* Tue Sep  8 2009 Rex Dieter  - 4.5.2-15
- use system ca-certificates (#521911)
* Tue Sep  1 2009 Than Ngo  - 4.5.2-14
- drop fedora < 9 support
- only apply ossl patch for fedora > 11
* Mon Aug 31 2009 Than Ngo  - 4.5.2-13
- fix for CVE-2009-2700
* Thu Aug 27 2009 Rex Dieter  4.5.2-12
- use platform linux-g++ everywhere (ie, drop linux-g++-64 on 64 bit),
  avoids plugin/linker weirdness (bug #478481)
* Wed Aug 26 2009 Tomas Mraz  - 1:4.5.2-11
- rebuilt with new openssl
* Thu Aug 20 2009 Than Ngo  - 4.5.2-10
- switch to kde-qt branch
* Tue Aug 18 2009 Than Ngo  - 4.5.2-9
- security fix for CVE-2009-1725 (bz#513813)
* Sun Aug 16 2009 Than Ngo  - 4.5.2-8
- fix phonon-backend-gstreamer for using pulsaudio (#513421)
* Fri Aug 14 2009 Rex Dieter  4.5.2-7
- kde-qt: 287-qmenu-respect-minwidth
- kde-qt: 0288-more-x-keycodes (#475247)
* Wed Aug  5 2009 Rex Dieter  4.5.2-6
- use linker scripts for _debug targets (#510246)
- tighten deps using %{?_isa}
- -x11: Requires(post,postun): /sbin/ldconfig
* Thu Jul 30 2009 Than Ngo  - 4.5.2-5
- apply upstream patch to fix issue in Copy and paste
* Sun Jul 26 2009 Fedora Release Engineering  - 1:4.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jul  2 2009 Than Ngo  - 4.5.2-3
- pregenerate PNG, drop BR on GraphicsMagick (bz#509244)
* Fri Jun 26 2009 Kevin Kofler  - 4.5.2-2
- take current qt-copy-patches snapshot (20090626)
- disable patches which are already in 4.5.2
- fix the qt-copy patch 0274-shm-native-image-fix.diff to apply against 4.5.2
* Thu Jun 25 2009 Lukáš Tinkl  - 4.5.2-1
- Qt 4.5.2
* Sun Jun  7 2009 Rex Dieter  - 4.5.1-18
- phonon-backend-gstreamer pkg, with icons
- optimize (icon-mostly) scriptlets
* Sun Jun  7 2009 Than Ngo  - 4.5.1-17
- drop the hack, apply patch to install Global header, gstreamer.desktop
  and dbus services file
* Sat Jun  6 2009 Rex Dieter  - 4.5.1-16
- install awol Phonon/Global header
* Fri Jun  5 2009 Kevin Kofler  - 4.5.1-15
- apply Phonon PulseAudio patch (needed for the xine-lib backend)
* Fri Jun  5 2009 Than Ngo  - 4.5.1-14
- enable phonon and gstreamer-backend
* Sat May 30 2009 Rex Dieter  - 4.5.1-13
- -doc: Obsoletes: qt-doc < 1:4.5.1-4 (workaround bug #502401)
* Sat May 23 2009 Rex Dieter  - 4.5.1-12
- +phonon_internal macro to toggle packaging of qt's phonon (default off)
* Fri May 22 2009 Rex Dieter  - 4.5.1-11
- qt-copy-patches-20090522
* Wed May 20 2009 Rex Dieter  - 4.5.1-10.2
- full (non-bootstrap) build
* Wed May 20 2009 Rex Dieter  - 4.5.1-10.1
- allow for minimal bootstrap build (*cough* arm *cough*)
* Wed May  6 2009 Rex Dieter  - 4.5.1-10
- improved kde4_plugins patch, skip expensive/unneeded canonicalPath
* Wed May  6 2009 Rex Dieter  - 4.5.1-9
- include kde4 plugin path by default (#498809)
* Mon May  4 2009 Rex Dieter  - 4.5.1-8
- fix invalid assumptions about mysql_config --libs (bug #440673)
- fix %files breakage from 4.5.1-5
* Wed Apr 29 2009 Rex Dieter  - 4.5.1-7
- -devel: Provides: qt4-devel%{?_isa} ...
* Mon Apr 27 2009 Than Ngo  - 4.5.1-6
- drop useless hunk of qt-x11-opensource-src-4.5.1-enable_ft_lcdfilter.patch
* Mon Apr 27 2009 Rex Dieter  - 4.5.1-5
- -devel: Provides: *-static for libQtUiTools.a
* Fri Apr 24 2009 Rex Dieter  - 4.5.1-4
- qt-doc noarch
- qt-demos, qt-examples (split from -doc)
- (cosmetic) re-order subpkgs in alphabetical order
- drop unused profile.d bits
* Fri Apr 24 2009 Rex Dieter  - 4.5.1-3
- enable FT_LCD_FILTER (uses freetype subpixel filters if available at runtime)
* Fri Apr 24 2009 Than Ngo  - 4.5.1-2
- apply upstream patch to fix the svg rendering regression
* Thu Apr 23 2009 Than Ngo  - 4.5.1-1
- 4.5.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #525788 - CVE-2009-3384 WebKit, qt: Multiple security issues while handling FTP directory listings
        https://bugzilla.redhat.com/show_bug.cgi?id=525788
  [ 2 ] Bug #525789 - CVE-2009-2816 WebKit, qt: MITM in the WebKit's Cross-Origin Resource Sharing (CORS) implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=525789
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update qt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 
Latest Features
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Using the sec-wall Security Proxy
sec-wall: Open Source Security Proxy
Yesterday's Edition
Hackers Hit Apple Supplier Foxconn, Leak Usernames And Passwords
Hackers Mug Google's Wallet App on Rooted Android Devices
Google Chrome will no longer check for revoked SSL certificates online
Have Your Users' Passwords Already Been Hacked?
DDoS Tools Flourish, Give Attackers Many Options
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2012 Guardian Digital, Inc. All rights reserved.