-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3773
qtsvg-opensource-src security update
2 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qtsvg-opensource-src
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-19869
Reference: ESB-2020.1509
ESB-2019.1700
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/10/msg00035.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2422-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
October 31, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : qtsvg-opensource-src
Version : 5.7.1~20161021-2.1
CVE ID : CVE-2018-19869
Debian Bug :
Malformed SVG images were able to cause a segmentation fault
in qtsvg-opensource-src, the QtSvg module for displaying the
contents of SVG files in Qt.
For Debian 9 stretch, this problem has been fixed in version
5.7.1~20161021-2.1.
We recommend that you upgrade your qtsvg-opensource-src packages.
For the detailed security status of qtsvg-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtsvg-opensource-src
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl+dxcsACgkQiNJCh6LY
mLG5chAAhttxchFhyPpQZaAnamgdSsXwNgfpMWQG0nz/YBuOiOceo24PpJImrMLq
j6r507IcfqZeX28AtwuiMSMoW1hUvW53BCK5C7GArJXe2iHtDKeb36S8uf4+kskR
12rj3yHnkAFmc+4JadaYyosxwxj1ciCHtikAcNrCbC4jbKS2txotou7Rjht/NCL5
WmmGamsZ6RQbZrqzL0rGpk9jNsuSigA2QEpi2hOpHbNtbJjlyv1vcc2dKIXDPJjq
06wB2XQKKBmQT1zoEERHHBt/2hRnAEiYtxvFkk6B+Vwfpmhnn4MYWroEkltYNE6K
YeHMTlpUOXFCsHCyrPqa5u8YlKjDPLs+UBuwdzcFCri1D46Bhh7Hq3GVlqDIrYRQ
ICfliKULhFqUbNDPZYG5GSa7OO6swr/ZU7FYJM2MfNUimebtvGMv/dKi0BdGm+zF
MZMoWsn0cu6xsSFZ1q7UrYaIkfM+2Wvzpy/rAPG3KxowLRMEMq5N5MU5VLKvQnnv
I6aX+6FSh3B1tyEZqenYI6JSCCpg1/qY2aoTTOPwKgVoR4c0CWMzRDxsrMD4oXJE
KnYqipercdlKJfGWVsQq0shWaejwarhcXCEtl8IOaHI/dTsDOXKv38hYtR7RUSqM
mPXaysECmB9UWjjbSAuMx0aIiR5l70Iccaf1wq1ixvEJrMJb5ic=
=HLXE
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX5+JRuNLKJtyKPYoAQgb9xAAhOQEC4IKoYNTYGQahPA638Ri5Uz5GTLp
1qO7y0jxs2SGyLn3L4aoq7M+G+n3EB6M1DrBYKO8MjEZeNvJ2ct+NprOjyzc842a
hB078LpYVu4TcejgMa8SuHcs2F3FbmXlcBs5MRHVbD8i8bfCF3HnsP7oiSAw6Yke
9ainFOcZzHoM9bEPYI2+9XIljvIXqYMFqgMCyqa3/bUPWhIZO0gVfC38pqDHKk1t
FuxP0/dgunCj5qbN7TyRF1AuLBtg4kZbjIKZ2lwF9KLDlHDhb1T6a6n954+puTUr
MnqRKaAwDPhe4Vu7SLYBFW7aBIOZ7Qfenqx/p3/MubUYsN+fuLV+3ojLY1gtDcwx
gN4JKiohrHi/5Ubc2JYx3C2O28zbN7+yIIKNZDmAbVs6UQF2XwIVma0FynJHHqVa
cUv1GJxclTZpHATdO2KMZhgbFTgVNl/GUDeitFrqxjMy4c7mr7r2AfdL5Vfu3Xus
YQfpC/9CVS49ymg0qr4bmIwM4khKNiiV9pIy766mQpy76ROeuaj6BlxCndktH+XP
FSLPKAag9guQKfl9W9ORB/NdaRA4QDOP03iOn3ufczlHZL5Yg0G341eI190krevl
46lu4537XfqZNIM1+pftvt6pK9v3Igz4/yq4haZTiC5FPh2eNel8HEcTleEErBnI
QnNY1zP8m+M=
=XQ4S
-----END PGP SIGNATURE-----
The post ESB-2020.3773 – [Debian] qtsvg-opensource-src: Denial of service – Remote with user interaction appeared first on Malware Devil.
https://malwaredevil.com/2020/11/02/esb-2020-3773-debian-qtsvg-opensource-src-denial-of-service-remote-with-user-interaction/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3773-debian-qtsvg-opensource-src-denial-of-service-remote-with-user-interaction
No comments:
Post a Comment