An integer overflow flaw was found in the way Qt handled certain pixmap images. If an application linked against Qt created a pixmap image in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2006-4811) Both FC3 and FC4 need updates.
RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0725.html
RH also released updates for kdelibs referring to the same CVE. See http://rhn.redhat.com/errata/RHSA-2006-0720.html Should we do the same, and if so, I suppose we'll need to open a separate bug report.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages for FC3 and FC4 using the patch from EL4.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/qt-3.3.4-0.fc3.1.legacy.src.rpm
9da12e4a0defc57deee318ec039f66b0635b245f qt-3.3.4-0.fc3.1.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/qt-3.3.4-15.5.1.legacy.src.rpm
6eabcf6feb724b549d3b529e62c2fd0997ea5159 qt-3.3.4-15.5.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFUKx4Ke7MLJjUbNMRAknyAKCK6b3gCgqF1Lfq6MQ5Oibwbt0CQACeLTZd
ZpOBfSCLtzm4wj2foLQiGx8=
=Dktq
-----END PGP SIGNATURE-----
(In reply to comment #1)
> RH also released updates for kdelibs referring to the same CVE. See
> http://rhn.redhat.com/errata/RHSA-2006-0720.html Should we do the same, and if
> so, I suppose we'll need to open a separate bug report?

Yes and yes. :)
Thanks for submitting the packages, Jeff.