Bug 211342 - CVE-2006-4811 qt integer overflow
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: qt
5
All Linux
urgent Severity urgent
Assigned To: Ngo Than
impact=critical,source=vendorsec,repo...
: Patch
Reported: 2006-10-18 15:08 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-24 05:15:50 EDT
Attachments
upstream patch sent to kde-packagers list (4.75 KB, patch)
2006-10-23 09:38 EDT, Rex Dieter

Description Josh Bressers 2006-10-18 15:08:16 EDT
+++ This bug was initially created as a clone of Bug #210742 +++

An integer overflow flaw was found in the way qt handles certain pixmap
requests.  This flaw can lead to arbitrary data being written onto the heap,
possibly resulting in arbitrary code execution within applications using qt
(such as konqueror and kmail).
Comment 1 Rex Dieter 2006-10-18 15:13:52 EDT
Isn't this a qt, not a kdelibs, bug?
Comment 2 Josh Bressers 2006-10-18 16:02:48 EDT
Yes, this is a qt bug, but we're fixing the flaw in kdelibs.  After analysis of
the issue, we determined only kdelibs was using the qt flawed method.  We plan
to fix qt once there is a suitable fix available.

The qt fix is hard, the kdelibs fix is easy, so we opted for the quick easy fix for
now, with plans for the bigger harder fix in the near future.
Comment 4 Josh Bressers 2006-10-23 09:33:41 EDT
I'm moving this bug over to qt since that's where we'll fix this issue.
Comment 5 Rex Dieter 2006-10-23 09:37:19 EDT
FYI, the fix is relatively simple: either upgrade to qt-3.3.7 or apply the upstream
pixmap patch (forthcoming).
Comment 6 Rex Dieter 2006-10-23 09:38:41 EDT
Created attachment 139124
upstream patch sent to kde-packagers list
Comment 7 Ngo Than 2006-10-24 05:15:50 EDT
It's fixed in qt-3.3.7 and will be available for FC5/FC6 soon.
Comment 8 Fedora Update System 2006-10-24 15:33:41 EDT
qt-3.3.7-0.1.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
