Security update for libqt4

Announcement ID: SUSE-SU-2015:1359-1
Rating: moderate
References:
Cross-References:
CVSS scores:
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Software Development Kit 12
  • SUSE Linux Enterprise Workstation Extension 12

An update that solves four vulnerabilities and has two security fixes can now be installed.

Description:

The libqt4 library was updated to fix several security and non security issues.

The following vulnerabilities were fixed: - bsc#921999: CVE-2015-0295: division by zero when processing malformed BMP files - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format Handling - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format Handling

The following non-secuirty issues were fixed: - bsc#929688: Critical Problem in Qt Network Stack - bsc#847880: kde/qt rendering error in qemu cirrus i586 - Update use-freetype-default.diff to use same method as with libqt5-qtbase package: Qt itself already does runtime check whether subpixel rendering is available, but only when FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough to only remove that condition - The -devel subpackage requires Mesa-devel, not only at build time - Fixed compilation on SLE_11_SP3 by making it build against Mesa-devel on that system - Replace patch l-qclipboard_fix_recursive.patch with qtcore-4.8.5-qeventdispatcher-recursive.patch. The later one seems to work better and really resolves the issue in LibreOffice - Added kde4_qt_plugin_path.patch, so kde4 plugins are magically found/known outside kde4 enviroment/session - added _constraints. building took up to 7GB of disk space on s390x, and more than 6GB on x86_64 - Add 3 patches for Qt bugs to make LibreOffice KDE4 file picker work properly again: * Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380) * Add l-qclipboard_fix_recursive.patch (QTBUG-34614) * Add l-qclipboard_delay.patch (QTBUG-38585)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-380=1
  • SUSE Linux Enterprise Software Development Kit 12
    zypper in -t patch SUSE-SLE-SDK-12-2015-380=1
  • SUSE Linux Enterprise Server 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1
  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1
  • SUSE Linux Enterprise Workstation Extension 12
    zypper in -t patch SUSE-SLE-WE-12-2015-380=1

Package List:

  • SUSE Linux Enterprise Desktop 12 (x86_64)
    • libqt4-x11-debuginfo-4.8.6-4.2
    • libqt4-sql-4.8.6-4.2
    • libqt4-sql-unixODBC-4.8.6-4.1
    • libqt4-debugsource-4.8.6-4.2
    • libqt4-sql-sqlite-4.8.6-4.2
    • libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-unixODBC-32bit-4.8.6-4.1
    • libqt4-x11-32bit-4.8.6-4.2
    • libqt4-sql-debuginfo-4.8.6-4.2
    • libqt4-sql-postgresql-32bit-4.8.6-4.1
    • libqt4-debuginfo-4.8.6-4.2
    • libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-sqlite-debuginfo-4.8.6-4.2
    • libqt4-x11-4.8.6-4.2
    • libqt4-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-postgresql-4.8.6-4.1
    • libqt4-sql-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-mysql-32bit-4.8.6-4.1
    • libqt4-sql-mysql-4.8.6-4.1
    • libqt4-sql-32bit-4.8.6-4.2
    • libqt4-sql-sqlite-32bit-4.8.6-4.2
    • libqt4-qt3support-4.8.6-4.2
    • libqt4-qt3support-32bit-4.8.6-4.2
    • libqt4-x11-debuginfo-32bit-4.8.6-4.2
    • libqt4-32bit-4.8.6-4.2
    • libqt4-qt3support-debuginfo-4.8.6-4.2
    • libqt4-4.8.6-4.2
  • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
    • libqt4-sql-postgresql-4.8.6-4.1
    • libqt4-devel-debuginfo-4.8.6-4.2
    • libqt4-sql-unixODBC-4.8.6-4.1
    • libqt4-devel-doc-4.8.6-4.6
    • libqt4-devel-doc-debuginfo-4.8.6-4.6
    • libqt4-private-headers-devel-4.8.6-4.2
    • libqt4-devel-doc-debugsource-4.8.6-4.6
    • libqt4-debuginfo-4.8.6-4.2
    • libqt4-linguist-4.8.6-4.2
    • libqt4-debugsource-4.8.6-4.2
    • libqt4-devel-4.8.6-4.2
    • libqt4-linguist-debuginfo-4.8.6-4.2
  • SUSE Linux Enterprise Software Development Kit 12 (noarch)
    • libqt4-devel-doc-data-4.8.6-4.6
  • SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64)
    • libqt4-sql-postgresql-32bit-4.8.6-4.1
    • libqt4-sql-unixODBC-32bit-4.8.6-4.1
  • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
    • libqt4-sql-sqlite-debuginfo-4.8.6-4.2
    • libqt4-x11-4.8.6-4.2
    • libqt4-qt3support-debuginfo-4.8.6-4.2
    • libqt4-sql-mysql-4.8.6-4.1
    • qt4-x11-tools-4.8.6-4.6
    • libqt4-sql-debuginfo-4.8.6-4.2
    • libqt4-x11-debuginfo-4.8.6-4.2
    • libqt4-sql-4.8.6-4.2
    • libqt4-devel-doc-debuginfo-4.8.6-4.6
    • qt4-x11-tools-debuginfo-4.8.6-4.6
    • libqt4-devel-doc-debugsource-4.8.6-4.6
    • libqt4-debuginfo-4.8.6-4.2
    • libqt4-4.8.6-4.2
    • libqt4-debugsource-4.8.6-4.2
    • libqt4-sql-sqlite-4.8.6-4.2
    • libqt4-qt3support-4.8.6-4.2
  • SUSE Linux Enterprise Server 12 (s390x x86_64)
    • libqt4-qt3support-32bit-4.8.6-4.2
    • libqt4-x11-debuginfo-32bit-4.8.6-4.2
    • libqt4-32bit-4.8.6-4.2
    • libqt4-sql-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-32bit-4.8.6-4.2
    • libqt4-debuginfo-32bit-4.8.6-4.2
    • libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
    • libqt4-x11-32bit-4.8.6-4.2
  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • libqt4-x11-debuginfo-4.8.6-4.2
    • libqt4-sql-4.8.6-4.2
    • libqt4-devel-doc-debugsource-4.8.6-4.6
    • libqt4-debugsource-4.8.6-4.2
    • libqt4-sql-sqlite-4.8.6-4.2
    • libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
    • libqt4-x11-32bit-4.8.6-4.2
    • qt4-x11-tools-4.8.6-4.6
    • libqt4-sql-debuginfo-4.8.6-4.2
    • libqt4-debuginfo-4.8.6-4.2
    • libqt4-sql-sqlite-debuginfo-4.8.6-4.2
    • libqt4-x11-4.8.6-4.2
    • libqt4-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-mysql-4.8.6-4.1
    • libqt4-sql-32bit-4.8.6-4.2
    • libqt4-devel-doc-debuginfo-4.8.6-4.6
    • libqt4-qt3support-4.8.6-4.2
    • libqt4-qt3support-32bit-4.8.6-4.2
    • libqt4-x11-debuginfo-32bit-4.8.6-4.2
    • libqt4-32bit-4.8.6-4.2
    • libqt4-qt3support-debuginfo-4.8.6-4.2
    • qt4-x11-tools-debuginfo-4.8.6-4.6
    • libqt4-4.8.6-4.2
  • SUSE Linux Enterprise Workstation Extension 12 (x86_64)
    • libqt4-sql-postgresql-4.8.6-4.1
    • libqt4-sql-mysql-32bit-4.8.6-4.1
    • libqt4-sql-unixODBC-4.8.6-4.1
    • libqt4-sql-postgresql-32bit-4.8.6-4.1
    • libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-sqlite-32bit-4.8.6-4.2
    • libqt4-debuginfo-32bit-4.8.6-4.2
    • libqt4-sql-unixODBC-32bit-4.8.6-4.1

References: