[SECURITY] [DLA 210-1] qt4-x11 security update

2015-04-3011:59:25

lists.debian.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.2%

JSON

Package : qt4-x11
Version : 4:4.6.3-4+squeeze3
CVE ID : CVE-2013-0254 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859
CVE-2015-1860
Debian Bug : 779550 783133

This update fixes multiple security issues in the Qt library.

CVE-2013-0254

The QSharedMemory class uses weak permissions (world-readable and
world-writable) for shared memory segments, which allows local users
to read sensitive information or modify critical program data, as
demonstrated by reading a pixmap being sent to an X server.

CVE-2015-0295 / CVE-2015-1858 / CVE-2015-1859 / CVE-2015-1860

Denial of service (via segmentation faults) through crafted
images (BMP, GIF, ICO).

–
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian8s390xqtbase5-dbg< 5.3.2+dfsg-4+deb8u1qtbase5-dbg_5.3.2+dfsg-4+deb8u1_s390x.deb
Debian8s390xlibqtdbus4< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1libqtdbus4_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_s390x.deb
Debian8s390xlibqt4-sql-mysql< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1libqt4-sql-mysql_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_s390x.deb
Debian8ppc64ellibqt5test5< 5.3.2+dfsg-4+deb8u1libqt5test5_5.3.2+dfsg-4+deb8u1_ppc64el.deb
Debian8i386libqt4-core< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1libqt4-core_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_i386.deb
Debian8arm64libqt4-declarative< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1libqt4-declarative_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_arm64.deb
Debian8armhflibqt5xml5< 5.3.2+dfsg-4+deb8u1libqt5xml5_5.3.2+dfsg-4+deb8u1_armhf.deb
Debian8arm64libqt4-xml< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1libqt4-xml_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_arm64.deb
Debian8allqt4-doc-html< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1qt4-doc-html_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_all.deb
Debian8allqt4-doc< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1qt4-doc_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	s390x	qtbase5-dbg	< 5.3.2+dfsg-4+deb8u1	qtbase5-dbg_5.3.2+dfsg-4+deb8u1_s390x.deb
Debian	8	s390x	libqtdbus4	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	libqtdbus4_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_s390x.deb
Debian	8	s390x	libqt4-sql-mysql	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	libqt4-sql-mysql_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_s390x.deb
Debian	8	ppc64el	libqt5test5	< 5.3.2+dfsg-4+deb8u1	libqt5test5_5.3.2+dfsg-4+deb8u1_ppc64el.deb
Debian	8	i386	libqt4-core	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	libqt4-core_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_i386.deb
Debian	8	arm64	libqt4-declarative	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	libqt4-declarative_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_arm64.deb
Debian	8	armhf	libqt5xml5	< 5.3.2+dfsg-4+deb8u1	libqt5xml5_5.3.2+dfsg-4+deb8u1_armhf.deb
Debian	8	arm64	libqt4-xml	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	libqt4-xml_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_arm64.deb
Debian	8	all	qt4-doc-html	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	qt4-doc-html_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_all.deb
Debian	8	all	qt4-doc	< 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1	qt4-doc_4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1_all.deb