Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4054
qtbase-opensource-src security update
1 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qtbase-opensource-src
Publisher: Debian
Operating System: Debian GNU/Linux 10
Linux variants
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-18281
Original Bulletin:
http://www.debian.org/security/2019/dsa-4556
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running qtbase-opensource-src check for an updated version of the
software for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4556-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 31, 2019 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : qtbase-opensource-src
CVE ID : CVE-2019-18281
An out-of-bounds memory access was discovered in the Qt library, which
could result in denial of service through a text file containing many
directional characters.
The oldstable distribution (stretch) is not affected.
For the stable distribution (buster), this problem has been fixed in
version 5.11.3+dfsg1-1+deb10u1.
We recommend that you upgrade your qtbase-opensource-src packages.
For the detailed security status of qtbase-opensource-src please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qtbase-opensource-src
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl27VK8ACgkQEMKTtsN8
TjaIpg/8Cj2cde+soRVmPgYjFl29BH2bWl0lxscDYUbCY2/UsX+L88mk/lJT9NAa
E8hoW58V9BYdc5K6I6PBOOjL7GY1QhgC+gsMq9zZNu5a/yS4TL/LpuYs1Z5O54zM
kQOEchdWZWJzf8jmPJO8FBuoYrach2oAjztzEYAwATJEBccJmcEPv26SBxxzaGRg
jKQL3K33FLPTnk/9vXZnh0dUO4TzcjRCPyK+MUSYSy1RIrJLvR4lx67e2Ug5AvEW
SeqeAvNq0PfOKDcYNLGaXlJu3cZBwbtif+xvtlew4ELlSXieftsk2epY5wB4VqWe
q/JrGtI3RLas9Dy8qywzu2UELC0+DbugODz+WBnwAQTL4PrpUYwUOuk42OL/m//N
sPrac4CRBQV8KSYpxrgGOm9dIqG4GwRn8SAupmheBRGDdrbtxA1b1eqjLoXoWPcD
93agullv7+0/Xr0H4LluJ8/tWeHDoe3l5yfY8GaEgwgC2vCcwhiKxXTfhjjMll/E
PItk6jxwa8MBimvI6rAfK+MOEyMfkI+TbRogvRUTgUn2hA2s3GRrC1NNS1KUguxj
u+rOmCgqzHYkAFC4vNWhgNTkXBRMp/WvZeS5BjMRv27XR51VjBhjMEEvY29opicm
KUiUPe01psdIUfFt5Lhq4S6wDpUxvyQks3RA0v6lSm4t6CSOl7k=
=2ZKP
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXbtymGaOgq3Tt24GAQhajRAAonq0m68/wzz6EJPHoJ1c57HtKEJEkO3r
4w0viEPCWZp3usC0YLpnwQTJC2deEPeCAI3wrQjgsTDW1RN2iCAfQgi7he63Bj8S
REvZZ4Sdq+dZGpAkm5L0YFhliFAGaLQLV75RvO+2/Hu2uPEfX5wg4Db/ix4aVLZR
8bZifmJiYOHTnM1BmSsl1LVZGIp6I/cdop93fG/29Gq++P9Pmu3sowR/r6JS4oF9
NHV3pjD6C2hoarlwudJ61AWrkyJntiLMaywMkdnL5aNRWOp5x63xxxmowE5Z2lV1
MI7oKiw6bRb7+Zg5wepyaME0uW88st/IQsUbKwZLEPuDnysO3xKyXCp5ncqlhEg0
C1D9ufs4BGD9NrtR9G5PWsqyn6UNUm6mMAZ9nFQu0ofOLQtdqZieKeJdbrGhU3rU
fLh8/cQTWw09PEqEMl6/+lW/kxmlWnYDOPfH50DxeDeusMbPIkS2UiOds0DCZ1vh
WIpG4v75lLKpOoXJH0oEjYoFxWmbXvvpYdW/2gSM9P4NODwwLYaN/RnlAB2bFUso
PlE6M1UbI8lXcR8kvq3ghHarVpFwXX0QaY1kyB1zvAiaaXhzs07qZLFYRquftnNy
nZ7giZ3XPYpi3lsnRRK9FMZsvlsVqwAF7CunkAUuXvowypeNHo2CoHw1zU7EpzfU
vaaimwG8Jjc=
=O2Nf
-----END PGP SIGNATURE-----