Security update for libqt4
| Announcement ID: | SUSE-SU-2015:1359-1 |
| Rating: | moderate |
| References: | #847880 #921999 #927806 #927807 #927808 #929688 |
| Affected Products: |
An update that solves four vulnerabilities and has two fixes is now available.
Description:
The libqt4 library was updated to fix several security and non security
issues.
The following vulnerabilities were fixed:
- bsc#921999: CVE-2015-0295: division by zero when processing malformed
BMP files
- bsc#927806: CVE-2015-1858: segmentation fault in BMP Qt Image Format
Handling
- bsc#927807: CVE-2015-1859: segmentation fault in ICO Qt Image Format
Handling
- bsc#927808: CVE-2015-1860: segmentation fault in GIF Qt Image Format
Handling
The following non-secuirty issues were fixed:
- bsc#929688: Critical Problem in Qt Network Stack
- bsc#847880: kde/qt rendering error in qemu cirrus i586
- Update use-freetype-default.diff to use same method as with
libqt5-qtbase package: Qt itself already does runtime check whether
subpixel rendering is available, but only when
FT_CONFIG_OPTION_SUBPIXEL_RENDERING is defined. Thus it is enough to
only remove that condition
- The -devel subpackage requires Mesa-devel, not only at build time
- Fixed compilation on SLE_11_SP3 by making it build against Mesa-devel on
that system
- Replace patch l-qclipboard_fix_recursive.patch with
qtcore-4.8.5-qeventdispatcher-recursive.patch. The later one seems to
work better and really resolves the issue in LibreOffice
- Added kde4_qt_plugin_path.patch, so kde4 plugins are magically
found/known outside kde4 enviroment/session
- added _constraints. building took up to 7GB of disk space on s390x, and
more than 6GB on x86_64
- Add 3 patches for Qt bugs to make LibreOffice KDE4 file picker work
properly again:
* Add glib-honor-ExcludeSocketNotifiers-flag.diff (QTBUG-37380)
* Add l-qclipboard_fix_recursive.patch (QTBUG-34614)
* Add l-qclipboard_delay.patch (QTBUG-38585)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12:
zypper in -t patch SUSE-SLE-WE-12-2015-380=1 - SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-380=1 - SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-380=1 - SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-380=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-mysql-32bit-4.8.6-4.1
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-sql-sqlite-32bit-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
- libqt4-sql-unixODBC-4.8.6-4.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
- libqt4-debuginfo-4.8.6-4.2
- libqt4-debugsource-4.8.6-4.2
- libqt4-devel-4.8.6-4.2
- libqt4-devel-debuginfo-4.8.6-4.2
- libqt4-devel-doc-4.8.6-4.6
- libqt4-devel-doc-debuginfo-4.8.6-4.6
- libqt4-devel-doc-debugsource-4.8.6-4.6
- libqt4-linguist-4.8.6-4.2
- libqt4-linguist-debuginfo-4.8.6-4.2
- libqt4-private-headers-devel-4.8.6-4.2
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-sql-unixODBC-4.8.6-4.1
- SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
- libqt4-devel-doc-data-4.8.6-4.6
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- libqt4-4.8.6-4.2
- libqt4-debuginfo-4.8.6-4.2
- libqt4-debugsource-4.8.6-4.2
- libqt4-devel-doc-debuginfo-4.8.6-4.6
- libqt4-devel-doc-debugsource-4.8.6-4.6
- libqt4-qt3support-4.8.6-4.2
- libqt4-qt3support-debuginfo-4.8.6-4.2
- libqt4-sql-4.8.6-4.2
- libqt4-sql-debuginfo-4.8.6-4.2
- libqt4-sql-mysql-4.8.6-4.1
- libqt4-sql-sqlite-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-4.8.6-4.2
- libqt4-x11-4.8.6-4.2
- libqt4-x11-debuginfo-4.8.6-4.2
- qt4-x11-tools-4.8.6-4.6
- qt4-x11-tools-debuginfo-4.8.6-4.6
- SUSE Linux Enterprise Server 12 (s390x x86_64):
- libqt4-32bit-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-qt3support-32bit-4.8.6-4.2
- libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-32bit-4.8.6-4.2
- libqt4-sql-debuginfo-32bit-4.8.6-4.2
- libqt4-x11-32bit-4.8.6-4.2
- libqt4-x11-debuginfo-32bit-4.8.6-4.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
- libqt4-32bit-4.8.6-4.2
- libqt4-4.8.6-4.2
- libqt4-debuginfo-32bit-4.8.6-4.2
- libqt4-debuginfo-4.8.6-4.2
- libqt4-debugsource-4.8.6-4.2
- libqt4-qt3support-32bit-4.8.6-4.2
- libqt4-qt3support-4.8.6-4.2
- libqt4-qt3support-debuginfo-32bit-4.8.6-4.2
- libqt4-qt3support-debuginfo-4.8.6-4.2
- libqt4-sql-32bit-4.8.6-4.2
- libqt4-sql-4.8.6-4.2
- libqt4-sql-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-debuginfo-4.8.6-4.2
- libqt4-sql-mysql-32bit-4.8.6-4.1
- libqt4-sql-mysql-4.8.6-4.1
- libqt4-sql-postgresql-32bit-4.8.6-4.1
- libqt4-sql-postgresql-4.8.6-4.1
- libqt4-sql-sqlite-32bit-4.8.6-4.2
- libqt4-sql-sqlite-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-32bit-4.8.6-4.2
- libqt4-sql-sqlite-debuginfo-4.8.6-4.2
- libqt4-sql-unixODBC-32bit-4.8.6-4.1
- libqt4-sql-unixODBC-4.8.6-4.1
- libqt4-x11-32bit-4.8.6-4.2
- libqt4-x11-4.8.6-4.2
- libqt4-x11-debuginfo-32bit-4.8.6-4.2
- libqt4-x11-debuginfo-4.8.6-4.2
References:
- https://www.suse.com/security/cve/CVE-2015-0295.html
- https://www.suse.com/security/cve/CVE-2015-1858.html
- https://www.suse.com/security/cve/CVE-2015-1859.html
- https://www.suse.com/security/cve/CVE-2015-1860.html
- https://bugzilla.suse.com/847880
- https://bugzilla.suse.com/921999
- https://bugzilla.suse.com/927806
- https://bugzilla.suse.com/927807
- https://bugzilla.suse.com/927808
- https://bugzilla.suse.com/929688