Red Hat Bugzilla – Bug 211342
CVE-2006-4811 qt integer overflow
Last modified: 2007-11-30 17:11:46 EST
+++ This bug was initially created as a clone of Bug #210742 +++
An integer overflow flaw was found in the way qt handles certain pixmap
requests. This flaw can lead to arbitrary data being written onto the heap,
possibly resulting in arbitrary code execution within applications using qt
(such as konqueror and kmail).
Isn't this a qt, not a kdelibs, bug?
Yes, this is a qt bug, but we're fixing the flaw in kdelibs. After analysis of
the issue, we determined only kdelibs was using the qt flawed method. We plan
to fix qt once there is a suitable fix available.
The qt fix is hard, the kdelibs fix is easy, so we opted for the quick easy fix for
now, with plans for the bigger harder fix in the near future.
I'm moving this bug over to qt since that's where we'll fix this issue.
FYI, the fix is relatively simple: either upgrade to qt-3.3.7 or apply the upstream
pixmap patch (forthcoming).
Created attachment 139124
upstream patch sent to kde-packagers list
it's fixed in qt-3.3.7 and will be available for FC5/FC6 soon
qt-3.3.7-0.1.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.