Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870682
Category:Red Hat Local Security Checks
Title:RedHat Update for qt RHSA-2011:1323-01
Summary:The remote host is missing an update for the 'qt'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'qt'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against Qt,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

A buffer overflow flaw was found in the way Qt handled certain gray-scale
image files. If a user loaded a specially-crafted gray-scale image file
with an application linked against Qt, it could cause the application to
crash or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-3194)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt libraries must be restarted for this update to take effect.

Affected Software/OS:
qt on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3193
BugTraq ID: 49723
http://www.securityfocus.com/bid/49723
http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08
http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0
http://www.openwall.com/lists/oss-security/2011/08/22/6
http://www.openwall.com/lists/oss-security/2011/08/24/8
http://www.openwall.com/lists/oss-security/2011/08/25/1
http://www.osvdb.org/75652
RedHat Security Advisories: RHSA-2011:1323
http://rhn.redhat.com/errata/RHSA-2011-1323.html
RedHat Security Advisories: RHSA-2011:1324
http://rhn.redhat.com/errata/RHSA-2011-1324.html
RedHat Security Advisories: RHSA-2011:1325
http://rhn.redhat.com/errata/RHSA-2011-1325.html
RedHat Security Advisories: RHSA-2011:1326
http://rhn.redhat.com/errata/RHSA-2011-1326.html
RedHat Security Advisories: RHSA-2011:1327
http://rhn.redhat.com/errata/RHSA-2011-1327.html
RedHat Security Advisories: RHSA-2011:1328
http://rhn.redhat.com/errata/RHSA-2011-1328.html
http://secunia.com/advisories/41537
http://secunia.com/advisories/46117
http://secunia.com/advisories/46118
http://secunia.com/advisories/46119
http://secunia.com/advisories/46128
http://secunia.com/advisories/46371
http://secunia.com/advisories/46410
http://secunia.com/advisories/49895
SuSE Security Announcement: SUSE-SU-2011:1113 (Google Search)
https://hermes.opensuse.org/messages/12056605
SuSE Security Announcement: openSUSE-SU-2011:1119 (Google Search)
http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2011:1120 (Google Search)
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
http://www.ubuntu.com/usn/USN-1504-1
XForce ISS Database: pango-harfbuzz-bo(69991)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69991
Common Vulnerability Exposure (CVE) ID: CVE-2011-3194
BugTraq ID: 49724
http://www.securityfocus.com/bid/49724
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html
http://security.gentoo.org/glsa/glsa-201206-02.xml
https://bugzilla.novell.com/show_bug.cgi?id=637275
http://www.osvdb.org/75653
http://secunia.com/advisories/46140
http://secunia.com/advisories/46187
http://secunia.com/advisories/49383
XForce ISS Database: qt-grayscale-bo(69975)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69975
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.