Gentoo Logo

QtCore, QtGui: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201311-14 / qt-core qt-gui
Release Date November 22, 2013
Latest Revision November 22, 2013: 1
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-qt/qtcore < 4.8.4-r2 >= 4.8.4-r2 All supported architectures
dev-qt/qtgui < 4.8.4-r1 >= 4.8.4-r1 All supported architectures

Related bugreports: #361401, #382171, #384103, #455884

Synopsis

Multiple vulnerabilities have been discovered in QtCore and QtGui, possibly resulting in execution of arbitrary code, Denial of Service, or man-in-the-middle attacks.

2.  Impact Information

Background

The Qt toolkit is a comprehensive C++ application development framework.

Description

Multiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All QtCore users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.4-r2"

All QtGui users should upgrade to the latest version:

Code Listing 3.2: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-4.8.4-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

4.  References



Print

Page updated November 22, 2013

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.