Security update for libqt4
Announcement ID: | SUSE-SU-2015:1359-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves four vulnerabilities and has two security fixes can now be installed.
Description:
The libqt4 library was updated to fix several security and non security issues.
The following vulnerabilities were fixed: - bsc#921999: CVE-2015-0295: division by zero when processing malformed BMP files - bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format Handling - bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format Handling - bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format Handling
The following non-secuirty issues were fixed: - bsc#929688: Critical Problem in Qt Network Stack - bsc#847880: kde/qt rendering error in qemu cirrus i586 - Update use-freetype-default.diff to use same method as with libqt5-qtbase package: Qt itself already does runtime check whether subpixel rendering is available, but only when FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough to only remove that condition - The -devel subpackage requires Mesa-devel, not only at build time - Fixed compilation on SLE_11_SP3 by making it build against Mesa-devel on that system - Replace patch l-qclipboard_fix_recursive.patch with qtcore-4.8.5-qeventdispatcher-recursive.patch. The later one seems to work better and really resolves the issue in LibreOffice - Added kde4_qt_plugin_path.patch, so kde4 plugins are magically found/known outside kde4 enviroment/session - added _constraints. building took up to 7GB of disk space on s390x, and more than 6GB on x86_64 - Add 3 patches for Qt bugs to make LibreOffice KDE4 file picker work properly again: * Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380) * Add l-qclipboard_fix_recursive.patch (QTBUG-34614) * Add l-qclipboard_delay.patch (QTBUG-38585)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 12
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-380=1
-
SUSE Linux Enterprise Software Development Kit 12
zypper in -t patch SUSE-SLE-SDK-12-2015-380=1
-
SUSE Linux Enterprise Server 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1
-
SUSE Linux Enterprise Server for SAP Applications 12
zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1
-
SUSE Linux Enterprise Workstation Extension 12
zypper in -t patch SUSE-SLE-WE-12-2015-380=1
Package List:
-
SUSE Linux Enterprise Desktop 12 (x86_64)
- libqt4-x11-debuginfo-4.8.6-4.2
- libqt4-sql-4.8.6-4.2
- libqt4-sql-unixODBC-4.8.6-4.1
- libqt4-debugsource-4.8.6-4.2
- libqt4-sql-sqlite-4.8.6-4.2
- libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
- libqt4-x11-32bit-4.8.6-4.2
- libqt4-sql-debuginfo-4.8.6-4.2
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-debuginfo-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-4.8.6-4.2
- libqt4-x11-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-sql-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-mysql-32bit-4.8.6-4.1
- libqt4-sql-mysql-4.8.6-4.1
- libqt4-sql-32bit-4.8.6-4.2
- libqt4-sql-sqlite-32bit-4.8.6-4.2
- libqt4-qt3support-4.8.6-4.2
- libqt4-qt3support-32bit-4.8.6-4.2
- libqt4-x11-debuginfo-32bit-4.8.6-4.2
- libqt4-32bit-4.8.6-4.2
- libqt4-qt3support-debuginfo-4.8.6-4.2
- libqt4-4.8.6-4.2
-
SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-devel-debuginfo-4.8.6-4.2
- libqt4-sql-unixODBC-4.8.6-4.1
- libqt4-devel-doc-4.8.6-4.6
- libqt4-devel-doc-debuginfo-4.8.6-4.6
- libqt4-private-headers-devel-4.8.6-4.2
- libqt4-devel-doc-debugsource-4.8.6-4.6
- libqt4-debuginfo-4.8.6-4.2
- libqt4-linguist-4.8.6-4.2
- libqt4-debugsource-4.8.6-4.2
- libqt4-devel-4.8.6-4.2
- libqt4-linguist-debuginfo-4.8.6-4.2
-
SUSE Linux Enterprise Software Development Kit 12 (noarch)
- libqt4-devel-doc-data-4.8.6-4.6
-
SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64)
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
-
SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
- libqt4-sql-sqlite-debuginfo-4.8.6-4.2
- libqt4-x11-4.8.6-4.2
- libqt4-qt3support-debuginfo-4.8.6-4.2
- libqt4-sql-mysql-4.8.6-4.1
- qt4-x11-tools-4.8.6-4.6
- libqt4-sql-debuginfo-4.8.6-4.2
- libqt4-x11-debuginfo-4.8.6-4.2
- libqt4-sql-4.8.6-4.2
- libqt4-devel-doc-debuginfo-4.8.6-4.6
- qt4-x11-tools-debuginfo-4.8.6-4.6
- libqt4-devel-doc-debugsource-4.8.6-4.6
- libqt4-debuginfo-4.8.6-4.2
- libqt4-4.8.6-4.2
- libqt4-debugsource-4.8.6-4.2
- libqt4-sql-sqlite-4.8.6-4.2
- libqt4-qt3support-4.8.6-4.2
-
SUSE Linux Enterprise Server 12 (s390x x86_64)
- libqt4-qt3support-32bit-4.8.6-4.2
- libqt4-x11-debuginfo-32bit-4.8.6-4.2
- libqt4-32bit-4.8.6-4.2
- libqt4-sql-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-32bit-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
- libqt4-x11-32bit-4.8.6-4.2
-
SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
- libqt4-x11-debuginfo-4.8.6-4.2
- libqt4-sql-4.8.6-4.2
- libqt4-devel-doc-debugsource-4.8.6-4.6
- libqt4-debugsource-4.8.6-4.2
- libqt4-sql-sqlite-4.8.6-4.2
- libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
- libqt4-x11-32bit-4.8.6-4.2
- qt4-x11-tools-4.8.6-4.6
- libqt4-sql-debuginfo-4.8.6-4.2
- libqt4-debuginfo-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-4.8.6-4.2
- libqt4-x11-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-mysql-4.8.6-4.1
- libqt4-sql-32bit-4.8.6-4.2
- libqt4-devel-doc-debuginfo-4.8.6-4.6
- libqt4-qt3support-4.8.6-4.2
- libqt4-qt3support-32bit-4.8.6-4.2
- libqt4-x11-debuginfo-32bit-4.8.6-4.2
- libqt4-32bit-4.8.6-4.2
- libqt4-qt3support-debuginfo-4.8.6-4.2
- qt4-x11-tools-debuginfo-4.8.6-4.6
- libqt4-4.8.6-4.2
-
SUSE Linux Enterprise Workstation Extension 12 (x86_64)
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-sql-mysql-32bit-4.8.6-4.1
- libqt4-sql-unixODBC-4.8.6-4.1
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-sqlite-32bit-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
References:
- https://www.suse.com/security/cve/CVE-2015-0295.html
- https://www.suse.com/security/cve/CVE-2015-1858.html
- https://www.suse.com/security/cve/CVE-2015-1859.html
- https://www.suse.com/security/cve/CVE-2015-1860.html
- https://bugzilla.suse.com/show_bug.cgi?id=847880
- https://bugzilla.suse.com/show_bug.cgi?id=921999
- https://bugzilla.suse.com/show_bug.cgi?id=927806
- https://bugzilla.suse.com/show_bug.cgi?id=927807
- https://bugzilla.suse.com/show_bug.cgi?id=927808
- https://bugzilla.suse.com/show_bug.cgi?id=929688