Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2007:0883
HistorySep 13, 2007 - 6:50 p.m.

qt security update

2007-09-1318:50:19
CentOS Project
lists.centos.org
44

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

CentOS Errata and Security Advisory CESA-2007:0883

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

A flaw was found in the way Qt expanded certain UTF8 characters. It was
possible to prevent a Qt-based application from properly sanitizing user
supplied input. This could, for example, result in a cross-site scripting
attack against the Konqueror web browser. (CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed Unicode
strings. If an application linked against Qt parsed a malicious Unicode
string, it could lead to a denial of service or possibly allow the
execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076352.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076353.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076354.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076355.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076356.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076357.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076361.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076362.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076397.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076398.html

Affected packages:
qt
qt-MySQL
qt-ODBC
qt-PostgreSQL
qt-config
qt-designer
qt-devel
qt-devel-docs

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0883

Related

nessus 32
oraclelinux 3
openvas 38
redhat 3
centos 3
fedora 2
prion 2
ubuntucve 2
veracode 2
debiancve 2
ubuntu 2
securityvulns 3
gentoo 1
cve 2
debian 3
slackware 1
osv 1
nessus
nessus
RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)
2007-09-14 00:00:00
Scientific Linux Security Update : qt on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 / 4 / 5 : qt (CESA-2007:0883)
2007-09-14 00:00:00
oraclelinux
oraclelinux
Important: qt security update
2007-09-13 00:00:00
qt4 security update
2011-09-21 00:00:00
Moderate: kdelibs security update
2007-10-08 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0883)
2015-10-08 00:00:00
Fedora Update for qt FEDORA-2007-703
2009-02-27 00:00:00
Fedora Update for qt FEDORA-2007-703
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0883) Important: qt security update
2007-09-13 00:00:00
(RHSA-2011:1324) Moderate: qt4 security update
2011-09-21 00:00:00
(RHSA-2007:0909) Moderate: kdelibs security update
2007-10-08 00:00:00
centos
centos
qt security update
2007-09-14 01:30:43
qt4 security update
2011-09-22 03:19:27
kdelibs security update
2007-10-08 18:49:50
fedora
fedora
[SECURITY] Fedora Core 6 Update: qt-3.3.8-2.fc6
2007-09-18 22:38:37
[SECURITY] Fedora 7 Update: qt-3.3.8-7.fc7
2007-09-19 02:53:35
prion
prion
Heap overflow
2007-09-18 19:17:00
Cross site scripting
2007-04-03 16:19:00
ubuntucve
ubuntucve
CVE-2007-4137
2007-09-18 00:00:00
CVE-2007-0242
2007-04-03 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:17:41
Cross-site Scripting (XSS)
2020-04-10 00:17:41
debiancve
debiancve
CVE-2007-4137
2007-09-18 19:17:00
CVE-2007-0242
2007-04-03 16:19:00
ubuntu
ubuntu
Qt vulnerability
2007-09-18 00:00:00
KDE library vulnerability
2007-04-11 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
2007-09-14 00:00:00
Qt library buffer overflow
2007-09-14 00:00:00
QT / KJS UTF-8 decoding security vulnerability
2007-04-05 00:00:00
gentoo
gentoo
Qt: Buffer overflow
2007-10-25 00:00:00
cve
cve
CVE-2007-4137
2007-09-18 19:17:00
CVE-2007-0242
2007-04-03 16:19:00
debian
debian
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 22:22:07
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 22:22:07
[SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities
2007-12-08 11:54:32
slackware
slackware
[slackware-security] qt
2007-04-03 23:23:35
osv
osv
qt-x11-free - several vulnerabilities
2007-12-08 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON
Related for CESA-2007:0883
nessus32oraclelinux3openvas38redhat3centos3fedora2prion2ubuntucve2veracode2debiancve2ubuntu2securityvulns3gentoo1cve2debian3slackware1osv1