qt: multiple vulnerabilities
| Package(s): | qt | CVE #(s): | CVE-2009-3384 CVE-2009-2816 | ||||||||||||||||||||
| Created: | November 16, 2009 | Updated: | January 25, 2011 | ||||||||||||||||||||
| Description: | From the Red Hat bugzilla [1, 2]: CVE-2009-3384: Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. If a remote FTP server issued a specially-crafted FTP command, it could lead to disclosure of sensitive information, denial of service (application crash) or, potentially to execution of arbitrary code, once the command was parsed. CVE-2009-2816: A security flaw was found in the WebKit's Cross-Origin Resource Sharing (CORS) implementation. Quoting exact details from the WebKit advisory: Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request, to determine if the origin server for the resource being accessed will allow the resource to be shared. WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can result in unexpected actions being initiated on the cross-origin site without user consent. This issue is addressed by dropping custom HTTP headers from preflight requests. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||