[Frugalware-security] [ FSA-283 ] qt4

voroskoi noreply at frugalware.org
Mon Oct 1 09:59:58 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-283

Date: 2007-10-01
Package: qt4
Vulnerable versions: <= 4.2.3-2terminus1
Unaffected versions: >= 4.2.3-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2422
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137

Description
===========

A vulnerability has been reported in Qt, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise an application using the library.
The vulnerability is caused due to an off-by-one error within the &quot;QUtf8Decoder::toUnicode()&quot; function (&quot;QUtf8Codec::convertToUnicode()&quot; in Qt 4.x) in codecs/qutfcodec.cpp. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted unicode string.

Updated Packages
================

Check if you have qt4 installed:

	# pacman-g2 -Q qt4

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy qt4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHAKj+Z7NElSD1VhkRApmBAKCDzD1BouLH4fQMFaK2vZu1Pd6UlQCdFd9G
LgQdXP/3qaxJTWDX7nzSLYc=
=0bge
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list