Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4054 qtbase-opensource-src security update 1 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qtbase-opensource-src Publisher: Debian Operating System: Debian GNU/Linux 10 Linux variants Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-18281 Original Bulletin: http://www.debian.org/security/2019/dsa-4556 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running qtbase-opensource-src check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4556-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : qtbase-opensource-src CVE ID : CVE-2019-18281 An out-of-bounds memory access was discovered in the Qt library, which could result in denial of service through a text file containing many directional characters. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 5.11.3+dfsg1-1+deb10u1. We recommend that you upgrade your qtbase-opensource-src packages. For the detailed security status of qtbase-opensource-src please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qtbase-opensource-src Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl27VK8ACgkQEMKTtsN8 TjaIpg/8Cj2cde+soRVmPgYjFl29BH2bWl0lxscDYUbCY2/UsX+L88mk/lJT9NAa E8hoW58V9BYdc5K6I6PBOOjL7GY1QhgC+gsMq9zZNu5a/yS4TL/LpuYs1Z5O54zM kQOEchdWZWJzf8jmPJO8FBuoYrach2oAjztzEYAwATJEBccJmcEPv26SBxxzaGRg jKQL3K33FLPTnk/9vXZnh0dUO4TzcjRCPyK+MUSYSy1RIrJLvR4lx67e2Ug5AvEW SeqeAvNq0PfOKDcYNLGaXlJu3cZBwbtif+xvtlew4ELlSXieftsk2epY5wB4VqWe q/JrGtI3RLas9Dy8qywzu2UELC0+DbugODz+WBnwAQTL4PrpUYwUOuk42OL/m//N sPrac4CRBQV8KSYpxrgGOm9dIqG4GwRn8SAupmheBRGDdrbtxA1b1eqjLoXoWPcD 93agullv7+0/Xr0H4LluJ8/tWeHDoe3l5yfY8GaEgwgC2vCcwhiKxXTfhjjMll/E PItk6jxwa8MBimvI6rAfK+MOEyMfkI+TbRogvRUTgUn2hA2s3GRrC1NNS1KUguxj u+rOmCgqzHYkAFC4vNWhgNTkXBRMp/WvZeS5BjMRv27XR51VjBhjMEEvY29opicm KUiUPe01psdIUfFt5Lhq4S6wDpUxvyQks3RA0v6lSm4t6CSOl7k= =2ZKP - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXbtymGaOgq3Tt24GAQhajRAAonq0m68/wzz6EJPHoJ1c57HtKEJEkO3r 4w0viEPCWZp3usC0YLpnwQTJC2deEPeCAI3wrQjgsTDW1RN2iCAfQgi7he63Bj8S REvZZ4Sdq+dZGpAkm5L0YFhliFAGaLQLV75RvO+2/Hu2uPEfX5wg4Db/ix4aVLZR 8bZifmJiYOHTnM1BmSsl1LVZGIp6I/cdop93fG/29Gq++P9Pmu3sowR/r6JS4oF9 NHV3pjD6C2hoarlwudJ61AWrkyJntiLMaywMkdnL5aNRWOp5x63xxxmowE5Z2lV1 MI7oKiw6bRb7+Zg5wepyaME0uW88st/IQsUbKwZLEPuDnysO3xKyXCp5ncqlhEg0 C1D9ufs4BGD9NrtR9G5PWsqyn6UNUm6mMAZ9nFQu0ofOLQtdqZieKeJdbrGhU3rU fLh8/cQTWw09PEqEMl6/+lW/kxmlWnYDOPfH50DxeDeusMbPIkS2UiOds0DCZ1vh WIpG4v75lLKpOoXJH0oEjYoFxWmbXvvpYdW/2gSM9P4NODwwLYaN/RnlAB2bFUso PlE6M1UbI8lXcR8kvq3ghHarVpFwXX0QaY1kyB1zvAiaaXhzs07qZLFYRquftnNy nZ7giZ3XPYpi3lsnRRK9FMZsvlsVqwAF7CunkAUuXvowypeNHo2CoHw1zU7EpzfU vaaimwG8Jjc= =O2Nf -----END PGP SIGNATURE-----