
Debian 3.0: DSA 542-1 Critical: Qt Arbitrary Execution and DoS

August 30, 2004
Recent vulnerabilities in the Qt framework pose risks for Debian users. It's crucial to promptly apply updates for improved security. Follow these steps to update your Qt packages safely.

Summary

Several vulnerabilities were discovered in recent versions of Qt, a
commonly used graphic widget set, used in KDE for example. The first
problem allows an attacker to execute arbitrary code, while the other
two only seem to pose a denial of service danger. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:

CAN-2004-0691:

Chris Evans has discovered a heap-based overflow when handling
8-bit RLE encoded BMP files.

CAN-2004-0692:

Marcus Meissner has discovered a crash condition in the XPM
handling code, which is not yet fixed in Qt 3.3.

CAN-2004-0693:

Marcus Meissner has discovered a crash condition in the GIF
handling code, which is not yet fixed in Qt 3.3.

For the stable distribution (woody) this problem has been fixed in
version 3.0.3-20020329-1woody2.

For the unstable distribution (sid) this problem has been fixed in
version 3.3.3-4 of qt-x11-free.

We recommend that you upgrade your qt packages.


Upgrade Instructions
--------------------

wg...


Severity: critical

Package: qt-copy
CVE ID: CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
