USN-2057-1: Qt vulnerability

17 December 2013

qt4-x11, qtbase-opensource-src vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Qt could be made to consume resources and hang if it processed XML data.

Software Description

  • qt4-x11 - Qt 4 libraries
  • qtbase-opensource-src - Qt 5 libraries

Details

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10
libqt4-xml - 4:4.8.4+dfsg-0ubuntu18.1
libqt5xml5 - 5.0.2+dfsg1-7ubuntu11.1
Ubuntu 13.04
libqt4-xml - 4:4.8.4+dfsg-0ubuntu9.5
libqt5xml5 - 5.0.1+dfsg-0ubuntu4.1
Ubuntu 12.10
libqt4-xml - 4:4.8.3+dfsg-0ubuntu3.2
Ubuntu 12.04 LTS
libqt4-xml - 4:4.8.1-0ubuntu4.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References