Bug 214393 - CVE-2006-4811 qt integer overflow
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: qt
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
LEGACY, 3, 4, publish-fc3, publish-fc4
Reported: 2006-11-07 08:18 EST by Jeff Sheltren
Modified: 2007-07-16 06:51 EDT
Doc Type: Bug Fix
Last Closed: 2007-07-16 06:51:11 EDT
Description Jeff Sheltren 2006-11-07 08:18:38 EST
An integer overflow flaw was found in the way Qt handled certain pixmap
images. If an application linked against Qt created a pixmap image in a
certain way, it could lead to a denial of service or possibly allow the
execution of arbitrary code. (CVE-2006-4811)

Both FC3 and FC4 need updates.
Comment 1 Jeff Sheltren 2006-11-07 08:21:01 EST
RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0725.html

RH also released updates for kdelibs referring to the same CVE.  See
http://rhn.redhat.com/errata/RHSA-2006-0720.html  Should we do the same, and if
so, I suppose we'll need to open a separate bug report?
Comment 2 Jeff Sheltren 2006-11-07 10:58:15 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages for FC3 and FC4 using
the patch from EL4.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/qt-3.3.4-0.fc3.1.legacy.src.rpm
9da12e4a0defc57deee318ec039f66b0635b245f  qt-3.3.4-0.fc3.1.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/qt-3.3.4-15.5.1.legacy.src.rpm
6eabcf6feb724b549d3b529e62c2fd0997ea5159  qt-3.3.4-15.5.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFUKx4Ke7MLJjUbNMRAknyAKCK6b3gCgqF1Lfq6MQ5Oibwbt0CQACeLTZd
ZpOBfSCLtzm4wj2foLQiGx8=
=Dktq
-----END PGP SIGNATURE-----
Comment 3 David Eisenstein 2006-11-11 01:15:26 EST
(In reply to comment #1)
> RH also released updates for kdelibs referring to the same CVE.  See
> http://rhn.redhat.com/errata/RHSA-2006-0720.html  Should we do the same, and if
> so, I suppose we'll need to open a separate bug report?

Yes and yes.  :)

Comment 4 David Eisenstein 2006-11-11 01:17:08 EST
Thanks for submitting the packages, Jeff.
