
QtCore: Denial of Service

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 201403-04 / qt-core
Release Date: March 13, 2014
Latest Revision: March 13, 2014: 1
Impact: normal
Exploitable: remote

Package         Vulnerable versions   Unaffected versions   Architecture(s)
dev-qt/qtcore   < 4.8.5-r1            >= 4.8.5-r1           All supported architectures

Related bugreports: #494728

Synopsis

A vulnerability in the QXmlSimpleReader class can be used to cause a Denial of Service condition.

2.  Impact Information

Background

The Qt toolkit is a comprehensive C++ application development framework.

Description

A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered.

Impact

A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCore, possibly resulting in Denial of Service.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All QtCore users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
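
To check a package inventory against the version range given above, the following added example (not part of the advisory or of Portage) classifies qtcore version strings as vulnerable or unaffected. The function names and the sample version list are constructed for illustration, and it assumes versions made of dotted numbers with an optional -rN revision.

```shell
#!/bin/sh
# Added example, not part of the advisory. Classifies dev-qt/qtcore versions
# against the advisory's range: vulnerable < 4.8.5-r1, unaffected >= 4.8.5-r1.
# Assumption: versions look like 4.8.5 or 4.8.5-r1 (dotted numbers, optional
# -rN revision); other Gentoo suffixes such as _rc1 are reported as unparsed.
FIXED="4.8.5-r1"

# ver_lt A B: succeed if A sorts strictly before B.
ver_lt() {
    a_base=${1%-r*}; b_base=${2%-r*}
    a_rev=0; b_rev=0
    # A missing revision counts as -r0.
    [ "$a_base" != "$1" ] && a_rev=${1##*-r}
    [ "$b_base" != "$2" ] && b_rev=${2##*-r}
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        # Take the leading component of each side, then drop it.
        a_part=${a_base%%.*}; b_part=${b_base%%.*}
        case "$a_base" in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case "$b_base" in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        # A side that has run out of components compares as 0.
        [ "${a_part:-0}" -lt "${b_part:-0}" ] && return 0
        [ "${a_part:-0}" -gt "${b_part:-0}" ] && return 1
    done
    [ "$a_rev" -lt "$b_rev" ]
}

# is_vulnerable VERSION: 0 = vulnerable, 1 = unaffected, 2 = unparsed.
is_vulnerable() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' || return 2
    ver_lt "$1" "$FIXED"
}

# report VERSION: print one line of classification for an inventory listing.
report() {
    rc=0
    is_vulnerable "$1" || rc=$?
    case $rc in
        0) echo "qtcore-$1: vulnerable, upgrade to >=$FIXED" ;;
        1) echo "qtcore-$1: unaffected" ;;
        *) echo "qtcore-$1: version not parsed, check manually" ;;
    esac
}

# Constructed sample inventory; replace with the versions from your hosts.
for v in 4.8.4 4.8.5 4.8.5-r1 4.8.5-r2 4.8.6 4.8.0_rc1; do
    report "$v"
done
```

Note that 4.8.5 without a revision is reported as vulnerable, because the fix is in revision -r1 of the same upstream version.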

4.  References




Page updated March 13, 2014

Summary: This is a Gentoo Linux Security Advisory

Copyright 2001-2014 Gentoo Foundation, Inc.