|
|
Subscribe / Log in / New account

Ubuntu alert USN-1504-1 (qt4-x11)



From:
    	      Jamie Strandboge <jamie@canonical.com> 


To:
    	      ubuntu-security-announce@lists.ubuntu.com 


Subject:
    	      [USN-1504-1] Qt vulnerabilities 


Date:
    	      Wed, 11 Jul 2012 18:10:36 -0500


Message-ID:
    	      <1342048236.4750.0.camel@localhost>



==========================================================================
Ubuntu Security Notice USN-1504-1
July 11, 2012

qt4-x11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Qt Applications could be made to crash or run programs as your login if
they opened specially crafted files.

Software Description:
- qt4-x11: transitional package for Qt 4 assistant module

Details:

It was discovered that Qt did not properly handle wildcard domain names or
IP addresses in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-5076)

A heap-based buffer overflow was discovered in the HarfBuzz module. If a
user were tricked into opening a crafted font file in a Qt application,
an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2011-3193)

It was discovered that Qt did not properly handle greyscale TIFF images.
If a Qt application could be made to process a crafted TIFF file, an
attacker could cause a denial of service. (CVE-2011-3194)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libqt4-network                  4:4.7.2-0ubuntu6.4
  libqtgui4                       4:4.7.2-0ubuntu6.4

Ubuntu 10.04 LTS:
  libqt4-network                  4:4.6.2-0ubuntu5.4
  libqtgui4                       4:4.6.2-0ubuntu5.4

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1504-1

  CVE-2010-5076, CVE-2011-3193, CVE-2011-3194

Package Information:
  https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.2-0ubu...
  https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubu...


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds