Test Kennung:	1.3.6.1.4.1.25623.1.0.70294
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2011:1324
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2011:1324. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1324.html Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0242 BugTraq ID: 23269 http://www.securityfocus.com/bid/23269 Debian Security Information: DSA-1292 (Google Search) http://www.debian.org/security/2007/dsa-1292 http://fedoranews.org/updates/FEDORA-2007-703.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 http://www.redhat.com/support/errata/RHSA-2007-0883.html http://www.redhat.com/support/errata/RHSA-2007-0909.html RedHat Security Advisories: RHSA-2011:1324 http://rhn.redhat.com/errata/RHSA-2011-1324.html http://secunia.com/advisories/24699 http://secunia.com/advisories/24705 http://secunia.com/advisories/24726 http://secunia.com/advisories/24727 http://secunia.com/advisories/24759 http://secunia.com/advisories/24797 http://secunia.com/advisories/24847 http://secunia.com/advisories/24889 http://secunia.com/advisories/25263 http://secunia.com/advisories/26804 http://secunia.com/advisories/26857 http://secunia.com/advisories/27108 http://secunia.com/advisories/27275 http://secunia.com/advisories/46117 SGI Security Advisory: 20070901-01-P ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 SuSE Security Announcement: SUSE-SR:2007:006 (Google Search) http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.ubuntu.com/usn/usn-452-1 http://www.vupen.com/english/advisories/2007/1212 XForce ISS Database: qt-utf8-xss(33397) https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 Common Vulnerability Exposure (CVE) ID: CVE-2011-3193 BugTraq ID: 49723 http://www.securityfocus.com/bid/49723 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 http://www.openwall.com/lists/oss-security/2011/08/22/6 http://www.openwall.com/lists/oss-security/2011/08/24/8 http://www.openwall.com/lists/oss-security/2011/08/25/1 http://www.osvdb.org/75652 RedHat Security Advisories: RHSA-2011:1323 http://rhn.redhat.com/errata/RHSA-2011-1323.html RedHat Security Advisories: RHSA-2011:1325 http://rhn.redhat.com/errata/RHSA-2011-1325.html RedHat Security Advisories: RHSA-2011:1326 http://rhn.redhat.com/errata/RHSA-2011-1326.html RedHat Security Advisories: RHSA-2011:1327 http://rhn.redhat.com/errata/RHSA-2011-1327.html RedHat Security Advisories: RHSA-2011:1328 http://rhn.redhat.com/errata/RHSA-2011-1328.html http://secunia.com/advisories/41537 http://secunia.com/advisories/46118 http://secunia.com/advisories/46119 http://secunia.com/advisories/46128 http://secunia.com/advisories/46371 http://secunia.com/advisories/46410 http://secunia.com/advisories/49895 SuSE Security Announcement: SUSE-SU-2011:1113 (Google Search) https://hermes.opensuse.org/messages/12056605 SuSE Security Announcement: openSUSE-SU-2011:1119 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html SuSE Security Announcement: openSUSE-SU-2011:1120 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://www.ubuntu.com/usn/USN-1504-1 XForce ISS Database: pango-harfbuzz-bo(69991) https://exchange.xforce.ibmcloud.com/vulnerabilities/69991
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.