From: "Ware, Ryan R" <ryan.r.ware@intel.com>
To: "meego-security@meego.com" <meego-security@meego.com>
Subject: [MeeGo-security] [MeeGo-SA-10:22.qt] Off By 1 Error in QT Causes Denial of Service
Date: Tue, 18 Jan 2011 20:53:02 -0700
Message-ID: <286058C3-C037-465D-B205-4939CCC76A14@intel.com>

=============================================================================
MeeGo-SA-10:22.qt Security Advisory
MeeGo Project
Topic: Off By 1 Error in QT Causes Denial of Service
Category: Graphics
Module: qt
Announced: September 3, 2010
Affects: MeeGo 1.0
Corrected: September 3, 2010
MeeGo BID: 3999
CVE: CVE-2010-1766
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
Qt is a cross-platform application and UI framework. Using Qt, you can write
web-enabled applications once and deploy them across desktop, mobile and
embedded operating systems without rewriting the source code.
II. Problem Description
CVE-2010-1766: Off-by-one error in the
WebSocketHandshake::readServerHandshake function in
websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380,
as used in Qt and other products, allows remote websockets servers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via an upgrade header that is long and
invalid.
CVSS v2 Base: 7.5 (HIGH)
Access Vector: Network exploitable
III. Impact
CVE-2010-1766: Denial of service or arbitrary code execution via
numeric errors (CWE-189)
IV. Workaround
None
V. Solution
Update to package qt-4.6.2-4.2 or later.
VI. References
http://bugs.meego.com/show_bug.cgi?id=3999
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/189.html
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security