Mageia alert MGASA-2015-0198 (qt3, qt4, and qtbase5)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2015-0198: Updated qt3 qt4 & qtbase5 packages fix security vulnerabilities 
Date:
    	     
 
Wed, 6 May 2015 18:44:33 +0200
Message-ID:
    	     
 
<20150506164433.EBE8B41DFC@valstar.mageia.org>
MGASA-2015-0198 - Updated qt3 qt4 & qtbase5 packages fix security vulnerabilities

Publication date: 06 May 2015
URL: http://advisories.mageia.org/MGASA-2015-0198.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-1858,
     CVE-2015-1859,
     CVE-2015-1860

Description:
Updated qt3, qt4, and qtbase5 packages fix security vulnerabilities:

It is possible to construct invalid BMP (CVE-2015-1858), ICO (CVE-2015-1859)
and GIF (CVE-2015-1860) images that lead to buffer overflows.

Qt3 is only vulnerable to the CVE-2015-1860 issue with GIF images.

References:
- https://bugs.mageia.org/show_bug.cgi?id=15750
- https://lists.fedoraproject.org/pipermail/package-announc...
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://lists.qt-project.org/pipermail/announce/2015-April...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860

SRPMS:
- 4/core/qt3-3.3.8b-33.4.mga4
- 4/core/qt4-4.8.6-1.3.mga4
- 4/core/qtbase5-5.2.0-2.5.mga4