Lucene search

K

GoogleOSV:DSA-1426-1

HistoryDec 08, 2007 - 12:00 a.m.

qt-x11-free - several vulnerabilities

2007-12-0800:00:00

Google

osv.dev

10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Several local/remote vulnerabilities have been discovered in the Qt GUI
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3388
Tim Brown and Dirk MĂźller discovered several format string
vulnerabilities in the handling of error messages, which might lead
to the execution of arbitrary code.
CVE-2007-4137
Dirk MĂźller discovered an off-by-one buffer overflow in the Unicode
handling, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), these problems have been fixed
in version 3:3.3.4-3sarge3. Packages for m68k will be provided later.

For the stable distribution (etch), these problems have been fixed in
version 3:3.3.7-4etch1.

For the unstable distribution (sid), these problems have been fixed in
version 3:3.3.7-8.

We recommend that you upgrade your qt-x11-free packages.

CPENameOperatorVersion
qt-x11-freeeq3:3.3.7-4

References

www.debian.org/security/2007/dsa-1426

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for OSV:DSA-1426-1

nessus23 openvas27 debian1 fedora2 prion2 ubuntucve2 cvelist2 securityvulns5 cve2 veracode2 ubuntu2 debiancve2 gentoo2 suse1 oraclelinux2 centos3 redhat2 slackware1 altlinux1