Malware Devil

Loading...

Tuesday, September 29, 2020

ESB-2020.3339 – [Debian] qtbase-opensource-src: Denial of service – Remote/unauthenticated 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3339
                   qtbase-opensource-src security update
                             29 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qtbase-opensource-src
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-17507 CVE-2018-19872 

Reference:         ESB-2020.1509
                   ESB-2020.0473
                   ESB-2019.1247

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2376-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 21, 2020                            https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : qtbase-opensource-src
Version        : 5.7.1+dfsg-3+deb9u3
CVE ID         : CVE-2018-19872 CVE-2020-17507
Debian Bug     : 968444

Several vulnerabilities were fixed in the Qt toolkit.

CVE-2018-19872

    A malformed PPM image causes a crash.

CVE-2020-17507

    Buffer over-read in the XBM parser.

For Debian 9 stretch, these problems have been fixed in version
5.7.1+dfsg-3+deb9u3.

We recommend that you upgrade your qtbase-opensource-src packages.

For the detailed security status of qtbase-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtbase-opensource-src

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9xifwACgkQiNJCh6LY
mLHjqQ//Yw57PcZCXFppNUunjWufa4aiYUDGAwKY2TFknhkobY4APaKO3X3KV5E7
M3rsS82MSzLmf0qNYHuS+7o/6XFGK20zhx/pc8Y4Hy/yIQfEAm+8ac/m6+zFFq0m
V9C+HIt51DWSutMvmnZ3EObOTm4NUjJAcSXKUNx0Zod7nhSEmBAlUy22IqwqCUoj
+d4HRnA1DcV8Rk5WJpuM7Pv4X+Llc1PjeG8pw3w8yQijIBwY8NHEDjOnh7h0La1P
PsiyMIoMsSr9EM2Pu6bPqTdhDOtLH0eE+L7g+stg3EgflFC56qi/Q/9Ji/vxVwIR
WIplL32Rl5AF9Axp+LkL4We5QpTapW+JU+qbnNYdblr7NPPM5a6bQXr86sokHypk
Us8btDZq/ZkwCZM5a90QZUPy3fc2bdOFNnZMU+Hpq2dEnbFm0WEbIMOhnenLS+9H
ubtyRLkUkXfOvezjqx4V2CfHKHWc/FXUdF3amLE/PzLdmA9YI6zUVNHdVh+MqU6T
GhKRERupSRywYP2ayxqM/sNlcnI8IODc8JG7PdRBrBqhTWHlm+Ik5BvE1oQCWLXE
BPofZSR09VmoV7V6ptjFJmGPYWj5eBz/qLQtCIiihy/HIppruTz5nt2a8eOvS6k4
JR/EW+szcpEHG4CQdoaWo9Y5JHRXfpvly4b950NwA5rhJw+q2W0=
=9YVf
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX3KXQuNLKJtyKPYoAQjQdRAAomM9tRzAJwDB+YSvPuMFwG2niGIdH5vP
6lL8YESxUGniCfTg5nLvuE6c6h0U6Y0JTbe7pe0wx3oAzC6yQIynGH5GoqC4jnEL
yT9jS6ekLfAobKYd9wSknvIgZO63OMGaOYMXXczVFSCRhCQoM+2UckyHa3bTQLSf
2Hd48Fcsevxj1KpRiCrAXaO/lOTfTNbggqXeofZ46+udpwGSPTBOfYttdZLwOyAo
IWGKmLvrRlRXuMLr/wndJCa902cZsl6t2vwA7GFxKbzauxacCGTe3Tw9EbQEmgL3
Agb36GT812ljaMHtjUpeM32h2mI82z2CTwbx3ZOK1703qVv/cr82w/4/1NFsnLIA
pCZG6YQxYyXBjD/5bQNJsPSQaB4fx5YuuIo9tHFRm//bYx2il3L1HktJqdWk1vX6
zU/kfWrRMmENACIS7VKhfpUbvW3LVhlFPmF7EDkP8gLJ7NV4owXWXxpURK380QXl
gBURL5lxPGWwCC/PcgUyRSfghQ32aFf5TfWJI1dTM4tuBL6bN7VuEA3QSpPknMgK
2AVXvcjmnh7GuzTt40KfX82r+uCOv0Hl3mWV+92wCWZimQpzRV9mrWQ+A5qEtrgo
04U0kyLoZmydEqumdOZuONgoCUEasuwq2OGAlqCTc/m23hCTcTPfsZiaAX8HzaqN
DnkRv8q2NHk=
=Rs2y
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3339 – [Debian] qtbase-opensource-src: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/09/29/esb-2020-3339-debian-qtbase-opensource-src-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3339-debian-qtbase-opensource-src-denial-of-service-remote-unauthenticated
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...