Bug 152763

Summary: CAN-2004-0691/2/3 qt image buffer overflows
Product: [Retired] Fedora Legacy Reporter: Marc Deslauriers <marc.deslauriers>
Component: qtAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: botsch, mschout, pekkas
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://rhn.redhat.com/errata/RHSA-2004-414.html
Whiteboard: LEGACY, QA, rh73, rh90
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-13 00:56:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Lawrence 2005-03-30 23:26:36 UTC 
Version of qt prior to 3.3.3 contain buffer overflows in the BMP,
GIF, XPM, and JPEG decoders.

http://rhn.redhat.com/errata/RHSA-2004-414.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130375
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129502
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128720



------- Additional Comments From dwb7.edu 2004-08-30 10:02:57 ----

first attempt at applying the patch from AS3:

patch --dry-run -p0 < qt-x11-free-3.1.2-sec.patch
patching file qt-x11-free-3.0.5/src/kernel/qimage.cpp
Hunk #1 succeeded at 682 (offset -38 lines).
Hunk #2 succeeded at 4741 (offset -10 lines).
Hunk #3 succeeded at 4731 (offset -38 lines).
Hunk #4 succeeded at 4781 (offset -10 lines).
Hunk #5 succeeded at 5522 (offset -38 lines).
Hunk #6 succeeded at 5607 (offset -10 lines).
Hunk #7 succeeded at 5596 (offset -38 lines).
patching file qt-x11-free-3.0.5/src/kernel/qjpegio.cpp
Hunk #1 FAILED at 254.
Hunk #2 FAILED at 299.
Hunk #3 succeeded at 377 with fuzz 2 (offset -107 lines).
2 out of 3 hunks FAILED -- saving rejects to file
qt-x11-free-3.0.5/src/kernel/qjpegio.cpp.rej
patching file qt-x11-free-3.0.5/src/kernel/qasyncimageio.cpp
Hunk #2 FAILED at 1107.
1 out of 2 hunks FAILED -- saving rejects to file
qt-x11-free-3.0.5/src/kernel/qasyncimageio.cpp.rej




------- Additional Comments From dwb7.edu 2004-08-30 11:39:02 ----

Created an attachment (id=820)
Patch backported from AS3




------- Additional Comments From dwb7.edu 2004-08-30 11:40:02 ----

My patch in comment #2 needs to be sanity checked. The patch is for RH7.3



------- Additional Comments From marcdeslauriers 2004-09-08 17:17:16 ----

Dave, I just checked out your patch from comment 2.

It looks good, so I am building rpms now for 7.3 and 9. They will be uploaded
shortly.



------- Additional Comments From marcdeslauriers 2004-09-09 12:13:57 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated qt packages to QA for 7.3 and 9:

Changelog:
* Thu Sep 09 2004 Marc Deslauriers <marcdeslauriers> 2.3.1-4.legacy 
- - Added security patch for CAN-2004-0691/0692/0693

7.3:
f48b7e020ea476d2cc17db84f01d8b8ca8fb7201  qt2-2.3.1-4.legacy.i386.rpm
d3799f3950e88e152891c0eb638f73759c3bb607  qt2-2.3.1-4.legacy.src.rpm
939c6d8366e551654c3acfe3a2b26e787daf2771  qt2-designer-2.3.1-4.legacy.i386.rpm
b17eba8b780344aaae3bd7c851bc08a20066bfdf  qt2-devel-2.3.1-4.legacy.i386.rpm
39959aa4861b1b541f2936cb79bfaa368111eb87  qt2-static-2.3.1-4.legacy.i386.rpm
c1a4a7ff2c0165392ee4addc143bb0ce618638ff  qt2-Xt-2.3.1-4.legacy.i386.rpm
62e61d04d1efd87d09ff1f90c01d24899695339f  qt-3.0.5-7.15.legacy.i386.rpm
fdbaa521c7950fcf8472a9fac94e32d6b9deb60c  qt-3.0.5-7.15.legacy.src.rpm
785ddc13d09478718eec8e91d5a884f960d33ade  qt-designer-3.0.5-7.15.legacy.i386.rpm
f160cb228d433827b14588908228360a9e180bce  qt-devel-3.0.5-7.15.legacy.i386.rpm
5c63be7b568762900c4216fa5cc4c9d6e405e7c4  qt-MySQL-3.0.5-7.15.legacy.i386.rpm
3fb2c150ea0181d5d7d6f5abe8c347bab7b15a65  qt-ODBC-3.0.5-7.15.legacy.i386.rpm
9a61a467afd8838f00167fc8a2628d2e4408ead6  qt-PostgreSQL-3.0.5-7.15.legacy.i386.rpm
6d302faab0f24fbc641c2519d702ac821320d170  qt-static-3.0.5-7.15.legacy.i386.rpm
4a74afbd73948455a66df092463c3e38b3e9593b  qt-Xt-3.0.5-7.15.legacy.i386.rpm

9:
6c4dc0bd3a6f94abb352282abb5d65386812f645  qt2-2.3.1-14.legacy.i386.rpm
c5f0ee9ce68a5177e0525828d5ec4cb2657c49e9  qt2-2.3.1-14.legacy.src.rpm
9c6c188aa956a6e6798161de1308801e361ecda5  qt2-designer-2.3.1-14.legacy.i386.rpm
c6f169bfa78f501d7fa2e06efc6193919a75e1b5  qt2-devel-2.3.1-14.legacy.i386.rpm
7e0f04025c48842057dcd700349cfd88438ecb9e  qt2-static-2.3.1-14.legacy.i386.rpm
ef8076a2e3532e38cf58b82fe4491a737a7686ce  qt2-Xt-2.3.1-14.legacy.i386.rpm
f445c7bebf9500f4f61bd48e01b0a2a3c3f42d39  qt-3.1.1-7.legacy.i386.rpm
825c0e5f7afa645773d2f000c633b1ed233b71b0  qt-3.1.1-7.legacy.src.rpm
cf4d9423b801639a6c358afc99dedfa0309149d9  qt-designer-3.1.1-7.legacy.i386.rpm
adfdd8ed8f76e80a701e96f5ed842c6e64e91b96  qt-devel-3.1.1-7.legacy.i386.rpm
b11b14da647de52ecc404f0675e5bde327af19e3  qt-MySQL-3.1.1-7.legacy.i386.rpm
7804f3d180070f56517e484d836076cfc4d31148  qt-ODBC-3.1.1-7.legacy.i386.rpm
b809c2307f63ebe4794e91499130643ab500a89d  qt-PostgreSQL-3.1.1-7.legacy.i386.rpm
80d68b8c06f92097e8adb95491d51532b946cdb9  qt-Xt-3.1.1-7.legacy.i386.rpm

7.3 downloads:
http://www.infostrategique.com/linuxrpms/legacy/7.3/

9 downloads:
http://www.infostrategique.com/linuxrpms/legacy/9/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQNWzLMAs/0C4zNoRAiUmAJ9342GyfVQGtcr/JGf7LoXmREwXmgCeLjY9
JoaoN4XhhjyOZiVcrRhgT8U=
=StAE
-----END PGP SIGNATURE-----




------- Additional Comments From ckelley 2004-10-21 10:54:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
fdbaa521c7950fcf8472a9fac94e32d6b9deb60c  qt-3.0.5-7.15.legacy.src.rpm
 
 - source builds fine
 - matches qt-3.0.5-7.14 from redhat-updates
 - KDE / Konqueror work just fine after installing
 - designer/designer3 work fine
 - patch looks good
 
PUBLISH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBeCHXyQ+yTHz+jJkRAoZJAKC53AYq3ldc7VyhHEbllSN0+gnS8ACgta2l
jmwuE/xHuafX0uUkb4PrPl4=
=dcKl
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2004-12-21 04:07:57 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
As RHL73 appears to be done already, here's for RHL9:
 - original sources OK
 - patch verified to be identical to RHEL3
 - spec file changes minimal
 - patch applies
 - complete compilation or installation not tested
 
825c0e5f7afa645773d2f000c633b1ed233b71b0  qt-3.1.1-7.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFByC4mGHbTkzxSL7QRAjyGAJoDQvh+xn9H36lhqyMQWaVYU4fGaQCgrc6g
AMVdQxmuGZwMLdEq8f3m2pw=
=RLcx
-----END PGP SIGNATURE-----




------- Additional Comments From deisenst 2005-02-18 14:33:00 ----

Pushed to updates-testing.



------- Additional Comments From pekkas 2005-02-21 23:56:43 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL9:
 - GPG signatures OK
 - installs nicely
 - a couple of applications (kdeartwork, kdegames through kdelibs)
   seem to work nicely
 
+VERIFY RHL9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCGwGiGHbTkzxSL7QRAtZbAKCiK0RiLu751AXe6hx46y5ophNMugCeLnMF
ttAqavIyXaQR36LpxkT9mFQ=
=A9IV
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 2002 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2002
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
Patch backported from AS3
https://bugzilla.fedora.us/attachment.cgi?action=view&id=820

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Comment 1 mschout 2005-05-10 20:26:34 UTC 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

7.3 Verify:

sha1:
45de88207a2ed8fcc9f6b9e25e38b7ecd2c3c543  qt-3.0.5-7.16.legacy.i386.rpm
f93cc80d6ef57b73c6be11cd055e5f7158b102fa  qt-designer-3.0.5-7.16.legacy.i386.rpm
b8301c059ecb90c497812f082e226cb504505ff2  qt-devel-3.0.5-7.16.legacy.i386.rpm
31dd5bcfd8477e31b15e0cdc52830a23024ada53  qt2-2.3.1-4.legacy.i386.rpm
9c9876dc717734169f27e0eaa4daeb2ab70ff61f  qt2-Xt-2.3.1-4.legacy.i386.rpm

signatures:
qt2-2.3.1-4.legacy.i386.rpm: md5 gpg OK
qt2-Xt-2.3.1-4.legacy.i386.rpm: md5 gpg OK
qt-3.0.5-7.16.legacy.i386.rpm: md5 gpg OK
qt-designer-3.0.5-7.16.legacy.i386.rpm: md5 gpg OK
qt-devel-3.0.5-7.16.legacy.i386.rpm: md5 gpg OK

packages installed without any warnings or errors

I have been using these packages for about 1 month on one 7.3 workstation using
KDE as my primary desktop.  I have not noticed any problems.

+VERIFY RHL7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCgRiX+CqvSzp9LOwRAiCnAKCwWP/La44ARbCXodMuC1zKLemwHgCfX18u
a0j1EFaZxOUBCqB8o0vdybA=
=xuK9
-----END PGP SIGNATURE-----
Comment 2 Marc Deslauriers 2005-05-13 00:56:08 UTC 
Released to updates