Sicherheit: Denial of Service in Qt

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0087867996464504022==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="p6RbktkuHcCThUSfQUJoavBt8BRAA1qfs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--p6RbktkuHcCThUSfQUJoavBt8BRAA1qfs
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2057-1
December 17, 2013

qt4-x11, qtbase-opensource-src vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Qt could be made to consume resources and hang if it processed XML data.

Software Description:
- qt4-x11: Qt 4 libraries
- qtbase-opensource-src: Qt 5 libraries

Details:

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Qt applications
to consume large amounts of resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1
libqt5xml5 5.0.2+dfsg1-7ubuntu11.1

Ubuntu 13.04:
libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5
libqt5xml5 5.0.1+dfsg-0ubuntu4.1

Ubuntu 12.10:
libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2

Ubuntu 12.04 LTS:
libqt4-xml 4:4.8.1-0ubuntu4.5

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2057-1
CVE-2013-4549

Package Information:
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu18.1
https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.2+dfsg1-7ubuntu11.1
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu9.5
https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.1+dfsg-0ubuntu4.1
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.2
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.5

--p6RbktkuHcCThUSfQUJoavBt8BRAA1qfs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSsNqhAAoJEGVp2FWnRL6TIE8QAKSg3Kfnoynv02AgQQ8x/9Fr
cTj0O+jeFpkCPdqsJ4ulrTiz824N0ed21EHYSvyhFnol0sG567eLJXNDsf0vODki
sonxjrS2cpLrf/ZA48eUqn+GwVluQDeGB+INS31gkZJjYWCq4S0eSHiTTJxApYvw
iR5A47W50u1Q6AFS+QMd+vtdboiUzbVtLwqG7AcdqBsssgIv/mLBoCbdvs24023I
l+grQ2AQB6krSMUVE3BKWlXc+KK+ypv4v8LzRqw4Rkpz0c7KF+MxMnZGZJEnnbAq
rgUARLWsCtANHK7Vg806vIOl/HX+IbdjrmwOJJi8369gxLCsmxKnE+FG0rnr6kQl
4f16d2qF/HkAjoSYa4r1FPfQj2Cj20XESTgoXJxXFZ4phufyppLT7xfJkK+uvZE3
kKh/wfbNw4NCX4iY1KPHLR3ylNF+jSiICA5R3paLMMoP74JL02jZR3xJQQ3bDumP
hkxuGnCfRzj3em+zzFCxQa0roM2VQxE68VeJ5KPbN6ohyYFZvpYSGRwmKd6QT0dL
d0tzyk49cJflZaCD7/MYusX4vtbQpIO+STDanadOoEEyJ3n7gzv/FYCNPOs1pDLX
6HdghXdVklS5OhvZmO5oa6sxPZDB/9+8ghCtH7oiJ7RR9Y9vqQ6I87jOivzD6kvf
hEMjiWZzAn6GotYViUF5
=QUSP
-----END PGP SIGNATURE-----

--p6RbktkuHcCThUSfQUJoavBt8BRAA1qfs--

--===============0087867996464504022==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0087867996464504022==--