New Qt packages are available for Slack/390 9.0, 9.1, and -current to fix security issues. Bugs in the routines that handle PNG, BMP, GIF, and JPEG images may allow an attacker to cause unauthorized code to execute when a specially crafted image file is processed. These flaws may also cause crashes that lead to a denial of service.
More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

Here are the details from the Slack/390 -current ChangeLog:
+--------------------------+
Tue Aug 24 17:01:29 EDT 2004
patches/packages/qt-3.3.3-s390-1.tgz:  Upgraded to qt-3.3.3.
  This fixes bugs in the image loading routines which could be used by an
  attacker to run unauthorized code or create a denial-of-service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slack/390 9.0:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-9.0/slackware/kde/qt-3.1.2-s390-2.tgz

Updated package for Slack/390 9.1:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-9.1/patches/packages/qt-3.2.1-s390-2.tgz

Updated package for Slack/390 -current:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-current/patches/packages/qt-3.3.3-s390-1.tgz

MD5 signatures:
+-------------+

Slack/390 9.0 package:
0002e68fab0454cdc659e426ec2d1cd0  qt-3.1.2-s390-2.tgz

Slack/390 9.1 package:
9909d6b2641f3a2f85ebe6436fccd210  qt-3.2.1-s390-2.tgz

Slack/390 -current package:
c8a3c5f74979115a64949f7b8a8d1b9a  qt-3.3.3-s390-1.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg qt-3.3.3-s390-1.tgz

+-----+

Mark Post
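
The check-then-install sequence implied by the "MD5 signatures" and "Installation instructions" sections above, as an added example that is not part of the original advisory. The script name verify-qt.sh is hypothetical; the file names and MD5 values are the ones listed in the advisory.

```shell
#!/bin/sh
# Added example: verify a downloaded Qt package against the MD5 values
# listed in this advisory before handing it to upgradepkg.

# MD5 and file name pairs, copied from the advisory's "MD5 signatures" section.
MANIFEST='0002e68fab0454cdc659e426ec2d1cd0 qt-3.1.2-s390-2.tgz
9909d6b2641f3a2f85ebe6436fccd210 qt-3.2.1-s390-2.tgz
c8a3c5f74979115a64949f7b8a8d1b9a qt-3.3.3-s390-1.tgz'

# Print the expected MD5 for a package path; fail if the name is not listed.
expected_md5() {
    name=$(basename "$1")
    sum=$(printf '%s\n' "$MANIFEST" | awk -v n="$name" '$2 == n { print $1 }')
    [ -n "$sum" ] || return 1
    printf '%s\n' "$sum"
}

# Return 0 only if the file exists, is listed, and its MD5 matches.
# An optional second argument overrides the expected value (for testing).
verify_pkg() {
    pkg=$1
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        want=$2
    else
        want=$(expected_md5 "$pkg") || {
            echo "not listed in advisory: $pkg" >&2
            return 3
        }
    fi
    got=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "MD5 mismatch for $pkg: got $got, want $want" >&2
    return 1
}

# Usage (as root): sh verify-qt.sh /path/to/qt-3.3.3-s390-1.tgz
# upgradepkg runs only when the checksum matches the advisory.
if [ "$#" -gt 0 ]; then
    verify_pkg "$1" && upgradepkg "$1"
fi
```

A match shows the download is the file the advisory lists; it is only as trustworthy as the channel through which the advisory itself was received.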
