A stack-based buffer overflow was found in the way harfbuzz rendered certain Tibetian font glyphs. This flaw affects qt4, which embeds the vulnerable version of harfbuzz. A remote attacker could use this flaw to crash an application (capable of loading remote web content) linked against qt. Reference: http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html http://code.google.com/p/chromium/issues/detail?id=108006 Patch: http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/harfbuzz/src/harfbuzz-myanmar.c?r1=116201&r2=116200&pathrev=116201
Statement: This issue does not affect the version of qt as shipped with Red Hat Enterprise Linux 4 and 5. This issue does not affect the version of qt3 as shipped with Red Hat Enterprise Linux 6. This issue does not affect the version of qt4 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of qt as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. This issue does not affect the version of pango as shipped with Red Hat Enterprise Linux 4, 5 and 6.
Created qt tracking bugs for this issue Affects: fedora-all [bug 772128]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0880 https://rhn.redhat.com/errata/RHSA-2012-0880.html