Security update for libqt4

SUSE Security Update: Security update for libqt4

Announcement ID:	SUSE-SU-2013:0457-1
Rating:	moderate
References:	#784197 #797006 #802634
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2

An update that solves one vulnerability and has two fixes is now available.

Description:

libqt4 has been updated to fix several security issues.

* An information disclosure via QSharedMemory was fixed
which allowed local attackers to read information (e.g.
bitmap content) from the attacked user (CVE-2013-0254).
* openssl-incompatibility-fix.diff: Fix wrong error
reporting when using a binary incompatible version of
openSSL (bnc#797006, CVE-2012-6093)
* Various compromised SSL root certificates were
blacklisted.

Also a non-security bugfix has been applied:

* Add fix for qdbusviewer not matching args (bnc#784197)

Security Issue reference:

* CVE-2013-0254
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-libQtWebKit-devel-7441
SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-libQtWebKit-devel-7441
SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-libQtWebKit-devel-7441
SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-libQtWebKit-devel-7441

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

libQtWebKit-devel-4.6.3-5.20.23.1

libqt4-devel-4.6.3-5.20.23.1

libqt4-devel-doc-4.6.3-5.20.23.1

libqt4-sql-postgresql-4.6.3-5.20.23.1

libqt4-sql-unixODBC-4.6.3-5.20.23.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

libQtWebKit4-32bit-4.6.3-5.20.23.1

libqt4-sql-mysql-32bit-4.6.3-5.20.23.1

libqt4-sql-postgresql-32bit-4.6.3-5.20.23.1

libqt4-sql-sqlite-32bit-4.6.3-5.20.23.1

libqt4-sql-unixODBC-32bit-4.6.3-5.20.23.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch):

libqt4-devel-doc-data-4.6.3-5.20.23.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64):

libQtWebKit4-x86-4.6.3-5.20.23.1

libqt4-sql-mysql-x86-4.6.3-5.20.23.1

libqt4-sql-postgresql-x86-4.6.3-5.20.23.1

libqt4-sql-sqlite-x86-4.6.3-5.20.23.1

libqt4-sql-unixODBC-x86-4.6.3-5.20.23.1
SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

libQtWebKit4-4.6.3-5.20.23.1

libqt4-4.6.3-5.20.23.1

libqt4-qt3support-4.6.3-5.20.23.1

libqt4-sql-4.6.3-5.20.23.1

libqt4-sql-mysql-4.6.3-5.20.23.1

libqt4-sql-sqlite-4.6.3-5.20.23.1

libqt4-x11-4.6.3-5.20.23.1

qt4-x11-tools-4.6.3-5.20.23.1
SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

libQtWebKit4-32bit-4.6.3-5.20.23.1

libqt4-32bit-4.6.3-5.20.23.1

libqt4-qt3support-32bit-4.6.3-5.20.23.1

libqt4-sql-32bit-4.6.3-5.20.23.1

libqt4-x11-32bit-4.6.3-5.20.23.1
SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

libQtWebKit4-4.6.3-5.20.23.1

libqt4-4.6.3-5.20.23.1

libqt4-qt3support-4.6.3-5.20.23.1

libqt4-sql-4.6.3-5.20.23.1

libqt4-sql-mysql-4.6.3-5.20.23.1

libqt4-sql-sqlite-4.6.3-5.20.23.1

libqt4-x11-4.6.3-5.20.23.1

qt4-x11-tools-4.6.3-5.20.23.1
SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

libQtWebKit4-32bit-4.6.3-5.20.23.1

libqt4-32bit-4.6.3-5.20.23.1

libqt4-qt3support-32bit-4.6.3-5.20.23.1

libqt4-sql-32bit-4.6.3-5.20.23.1

libqt4-x11-32bit-4.6.3-5.20.23.1
SUSE Linux Enterprise Server 11 SP2 (ia64):

libQtWebKit4-x86-4.6.3-5.20.23.1

libqt4-qt3support-x86-4.6.3-5.20.23.1

libqt4-sql-x86-4.6.3-5.20.23.1

libqt4-x11-x86-4.6.3-5.20.23.1

libqt4-x86-4.6.3-5.20.23.1
SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

libQtWebKit4-4.6.3-5.20.23.1

libqt4-4.6.3-5.20.23.1

libqt4-qt3support-4.6.3-5.20.23.1

libqt4-sql-4.6.3-5.20.23.1

libqt4-sql-mysql-4.6.3-5.20.23.1

libqt4-sql-postgresql-4.6.3-5.20.23.1

libqt4-sql-sqlite-4.6.3-5.20.23.1

libqt4-sql-unixODBC-4.6.3-5.20.23.1

libqt4-x11-4.6.3-5.20.23.1
SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

libQtWebKit4-32bit-4.6.3-5.20.23.1

libqt4-32bit-4.6.3-5.20.23.1

libqt4-qt3support-32bit-4.6.3-5.20.23.1

libqt4-sql-32bit-4.6.3-5.20.23.1

libqt4-sql-mysql-32bit-4.6.3-5.20.23.1

libqt4-sql-postgresql-32bit-4.6.3-5.20.23.1

libqt4-sql-sqlite-32bit-4.6.3-5.20.23.1

libqt4-sql-unixODBC-32bit-4.6.3-5.20.23.1

libqt4-x11-32bit-4.6.3-5.20.23.1

References:

http://support.novell.com/security/cve/CVE-2013-0254.html
https://bugzilla.novell.com/784197
https://bugzilla.novell.com/797006
https://bugzilla.novell.com/802634
http://download.suse.com/patch/finder/?keywords=319695c0369c1600598cb3ff3f78d73a