Tuesday, December 17, 2013

[USN-2057-1] Qt vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSsNqhAAoJEGVp2FWnRL6TIE8QAKSg3Kfnoynv02AgQQ8x/9Fr
cTj0O+jeFpkCPdqsJ4ulrTiz824N0ed21EHYSvyhFnol0sG567eLJXNDsf0vODki
sonxjrS2cpLrf/ZA48eUqn+GwVluQDeGB+INS31gkZJjYWCq4S0eSHiTTJxApYvw
iR5A47W50u1Q6AFS+QMd+vtdboiUzbVtLwqG7AcdqBsssgIv/mLBoCbdvs24023I
l+grQ2AQB6krSMUVE3BKWlXc+KK+ypv4v8LzRqw4Rkpz0c7KF+MxMnZGZJEnnbAq
rgUARLWsCtANHK7Vg806vIOl/HX+IbdjrmwOJJi8369gxLCsmxKnE+FG0rnr6kQl
4f16d2qF/HkAjoSYa4r1FPfQj2Cj20XESTgoXJxXFZ4phufyppLT7xfJkK+uvZE3
kKh/wfbNw4NCX4iY1KPHLR3ylNF+jSiICA5R3paLMMoP74JL02jZR3xJQQ3bDumP
hkxuGnCfRzj3em+zzFCxQa0roM2VQxE68VeJ5KPbN6ohyYFZvpYSGRwmKd6QT0dL
d0tzyk49cJflZaCD7/MYusX4vtbQpIO+STDanadOoEEyJ3n7gzv/FYCNPOs1pDLX
6HdghXdVklS5OhvZmO5oa6sxPZDB/9+8ghCtH7oiJ7RR9Y9vqQ6I87jOivzD6kvf
hEMjiWZzAn6GotYViUF5
=QUSP
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2057-1
December 17, 2013

qt4-x11, qtbase-opensource-src vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Qt could be made to consume resources and hang if it processed XML data.

Software Description:
- qt4-x11: Qt 4 libraries
- qtbase-opensource-src: Qt 5 libraries

Details:

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Qt applications
to consume large amounts of resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1
libqt5xml5 5.0.2+dfsg1-7ubuntu11.1

Ubuntu 13.04:
libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5
libqt5xml5 5.0.1+dfsg-0ubuntu4.1

Ubuntu 12.10:
libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2

Ubuntu 12.04 LTS:
libqt4-xml 4:4.8.1-0ubuntu4.5

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2057-1
CVE-2013-4549

Package Information:
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu18.1
https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.2+dfsg1-7ubuntu11.1
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu9.5
https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.1+dfsg-0ubuntu4.1
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.2
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.5

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)