Upstream has issued an advisory on April 13:
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
The issues will be fixed in 4.8.7 and 5.4.2, and there are upstream patches linked from the message above.
Fedora has issued an advisory for this on April 14:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
Mageia 4 and Mageia 5 are affected.
URL: (none) => http://lwn.net/Vulnerabilities/641431/
Patches checked into Mageia 4 and Cauldron SVN. Freeze push requested.
Whiteboard: (none) => MGA5TOO, MGA4TOO
qt3 is also vulnerable to CVE-2015-1860, but not the other two issues, according to Fedora. I've checked a patch from them into Mageia 4 and Cauldron SVN to fix CVE-2015-1860. Freeze push requested.
Patched packages uploaded for Mageia 4 and Cauldron.
If there's an upstream Qt bug report with PoC files this time, I haven't come across it yet. Last time (Bug 15383) we were able to test the affected functionality using gwenview (Qt4) and eyesight (built from the Cauldron SRPM, Qt5). Qt3 just check that it installs.
Advisory:
========================
Updated qt3, qt4, and qtbase5 packages fix security vulnerabilities:
It is possible to construct invalid BMP (CVE-2015-1858), ICO (CVE-2015-1859) and GIF (CVE-2015-1860) images that lead to buffer overflows.
Qt3 is only vulnerable to the CVE-2015-1860 issue with GIF images.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
========================
Updated packages in core/updates_testing:
========================
libqt3-3.3.8b-33.4
qt3-common-3.3.8b-33.4
libqt3-mysql-3.3.8b-33.4
libqt3-psql-3.3.8b-33.4
libqt3-odbc-3.3.8b-33.4
libqt3-sqlite-3.3.8b-33.4
qt4-common-4.8.6-1.3
libqtxml4-4.8.6-1.3
libqtscripttools4-4.8.6-1.3
libqtxmlpatterns4-4.8.6-1.3
libqtsql4-4.8.6-1.3
libqtnetwork4-4.8.6-1.3
libqtscript4-4.8.6-1.3
libqtgui4-4.8.6-1.3
libqtsvg4-4.8.6-1.3
libqttest4-4.8.6-1.3
libqthelp4-4.8.6-1.3
libqtclucene4-4.8.6-1.3
libqtcore4-4.8.6-1.3
libqt3support4-4.8.6-1.3
libqtopengl4-4.8.6-1.3
libqtdesigner4-4.8.6-1.3
libqtdbus4-4.8.6-1.3
libqtmultimedia4-4.8.6-1.3
qt4-qtdbus-4.8.6-1.3
libqtdeclarative4-4.8.6-1.3
qt4-qmlviewer-4.8.6-1.3
libqt4-devel-4.8.6-1.3
qt4-devel-private-4.8.6-1.3
qt4-xmlpatterns-4.8.6-1.3
qt4-qtconfig-4.8.6-1.3
qt4-doc-4.8.6-1.3
qt4-demos-4.8.6-1.3
qt4-examples-4.8.6-1.3
qt4-linguist-4.8.6-1.3
qt4-assistant-4.8.6-1.3
qt4-database-plugin-mysql-4.8.6-1.3
qt4-database-plugin-sqlite-4.8.6-1.3
qt4-database-plugin-tds-4.8.6-1.3
qt4-database-plugin-pgsql-4.8.6-1.3
qt4-graphicssystems-plugin-4.8.6-1.3
qt4-accessibility-plugin-4.8.6-1.3
qt4-designer-4.8.6-1.3
qt4-designer-plugin-webkit-4.8.6-1.3
qt4-designer-plugin-qt3support-4.8.6-1.3
qt4-qvfb-4.8.6-1.3
qt4-qdoc3-4.8.6-1.3
qtbase5-common-5.2.0-2.5
qtbase5-examples-5.2.0-2.5
qtbase5-database-plugin-odbc-5.2.0-2.5
qtbase5-database-plugin-mysql-5.2.0-2.5
qtbase5-database-plugin-sqlite-5.2.0-2.5
qtbase5-database-plugin-tds-5.2.0-2.5
qtbase5-database-plugin-pgsql-5.2.0-2.5
libqt5core5-5.2.0-2.5
libqt5core-devel-5.2.0-2.5
libqt5core-private-devel-5.2.0-2.5
libqt5sql5-5.2.0-2.5
libqt5sql-devel-5.2.0-2.5
libqt5sql-private-devel-5.2.0-2.5
libqt5dbus5-5.2.0-2.5
libqt5dbus-devel-5.2.0-2.5
libqt5dbus-private-devel-5.2.0-2.5
libqt5concurrent5-5.2.0-2.5
libqt5concurrent-devel-5.2.0-2.5
libqt5gui5-5.2.0-2.5
libqt5gui-devel-5.2.0-2.5
libqt5gui-private-devel-5.2.0-2.5
libqt5network5-5.2.0-2.5
libqt5network-devel-5.2.0-2.5
libqt5network-private-devel-5.2.0-2.5
libqt5opengl5-5.2.0-2.5
libqt5opengl-devel-5.2.0-2.5
libqt5opengl-private-devel-5.2.0-2.5
libqt5printsupport5-5.2.0-2.5
libqt5printsupport-devel-5.2.0-2.5
libqt5printsupport-private-devel-5.2.0-2.5
libqt5test5-5.2.0-2.5
libqt5test-devel-5.2.0-2.5
libqt5test-private-devel-5.2.0-2.5
libqt5widgets5-5.2.0-2.5
libqt5widgets-devel-5.2.0-2.5
libqt5widgets-private-devel-5.2.0-2.5
libqt5xml5-5.2.0-2.5
libqt5xml-devel-5.2.0-2.5
libqt5platformsupport-devel-5.2.0-2.5
libqt5platformsupport-private-devel-5.2.0-2.5
libqt5bootstrap-devel-5.2.0-2.5
libqt5base5-devel-5.2.0-2.5
qtbase5-common-devel-5.2.0-2.5
from SRPMS:
qt3-3.3.8b-33.4.mga4.src.rpm
qt4-4.8.6-1.3.mga4.src.rpm
qtbase5-5.2.0-2.5.mga4.src.rpm
Version: Cauldron => 4
Assignee: mageia => qa-bugs
Summary: qt4, qtbase5 new security issues CVE-2015-1858, CVE-2015-1859, and CVE-2015-1860 => qt3, qt4, qtbase5 new security issues CVE-2015-1858, CVE-2015-1859, and CVE-2015-1860
Source RPM: qt4-4.8.6-8.mga5.src.rpm, qtbase5-5.4.0-6.mga5.src.rpm => qt3, qt4-4.8.6-8.mga5.src.rpm, qtbase5-5.4.0-6.mga5.src.rpm
Whiteboard: MGA5TOO, MGA4TOO => (none)
I can't find any PoCs, maybe they aren't public. I tested Qt3 by upgrading the packages. I tested Qt4 with gwenview. I tested Qt5 with eyesight (built from Cauldron SVN). Opened GIF, BMP, and ICO files. All OK, Mageia 4 i586.
Whiteboard: (none) => has_procedure MGA4-32-OK
Testing complete mga4 64.
Similar to comment 4, except used transmission-qt5 and yaflight for qt5, which are two of only a few which require lib64qt5core5.
Validating. Advisory uploaded.
Please push to 4 updates.
Thanks!
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0198.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED