-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2007-51 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 15 Oct 2007 Last revised: 15 Oct 2007 Package: qt3 Summary: Multiple format string vulnerabilities More information: Qt is a complete and well-designed multi-platform object-oriented framework for developing graphical user interface (GUI) applications using C++. Remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. Impact: These vulnerabilities may allow remote attackers to execute arbitrary code . Affected Products: - wizpy - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal Source Packages Size: MD5 qt3-3.3.4-17.src.rpm 14669346 ddebe970cacc32afab785d267ab2403c Binary Packages Size: MD5 qt3-3.3.4-17.i386.rpm 5484453 983f20fbce3b80a40cbd6340ceb62e3a Source Packages Size: MD5 qt3-3.3.4-17.src.rpm 14669346 cbe5a35b4aa22b06f0b8817862443d32 Binary Packages Size: MD5 qt3-3.3.4-17.i686.rpm 6467181 0388a33fd26cb5c85e8f54eee88bc823 qt3-devel-3.3.4-17.i686.rpm 3730896 f6e22573ce444827367564a6db04282a qt3-doc-3.3.4-17.i686.rpm 8072628 174aca0a75390eb2747ec21a75d87b25 qt3-examples-3.3.4-17.i686.rpm 4005990 a8914d510bede1ce79dcebc8be717e94 qt3-sql-ODBC-3.3.4-17.i686.rpm 51433 7dae79ee0378df8face0f1c7c7d2f844 qt3-sql-MySQL-3.3.4-17.i686.rpm 32498 cbc85ed7df80cdb5b9b45695217251ae qt3-sql-postgresql-3.3.4-17.i686.rpm 40144 289504f51cf7ea45e360ce078a13efa7 qt3-tools-3.3.4-17.i686.rpm 2120682 e5e93bc5689340dac806fde7eda6fed6 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/qt3-3.2.3-18.src.rpm 14032474 64a63e1b52a4ed36dfed4c32db7f2384 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/qt3-3.2.3-18.x86_64.rpm 5805315 3098d0134a622d0fec0eeb002369c360 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/qt3-devel-3.2.3-18.x86_64.rpm 3088189 2b0424447fbde1e59eb12fb09edff3fd ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/qt3-tools-3.2.3-18.x86_64.rpm 2048360 93ba7098f267ece9e2a98f0448f1f20b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/qt3-3.2.3-18.src.rpm 14032474 7b0d0862485b38cb69059559ff3457a6 Binary Packages Size: MD5 qt3-3.2.3-18.i586.rpm 5482313 edea39c910925faa1a64e76eaf164ea9 qt3-devel-3.2.3-18.i586.rpm 3022405 758cc01512a2b49cae16f657c0706aae qt3-tools-3.2.3-18.i586.rpm 1966476 222e5910394e7a917d830c145a2b092b Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/qt3-3.2.3-18.src.rpm 14109409 147c53bfd0ac4087f23382c476a45c00 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-3.2.3-18.i586.rpm 5452603 b691bd185be48de26b9d2f8d52089954 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-devel-3.2.3-18.i586.rpm 3017666 3d48d8db8e7c3d173391ddbfcc7ed345 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-tools-3.2.3-18.i586.rpm 1957141 dc215210a7826b7431e4eff598a242dc References: CVE [CVE-2007-3388] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388 [CVE-2007-4137] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137 -------------------------------------------------------------------------- Revision History 15 Oct 2007 Initial release -------------------------------------------------------------------------- Copyright(C) 2007 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHE0lhK0LzjOqIJMwRAqTOAJ9N5guAF1rA5EMYVmieRoTC2iCghwCeNOV0 dkG5/nyO06TM09Z0cKJElEs= =JfNx -----END PGP SIGNATURE-----