USN-513-1: Qt vulnerability

18 September 2007

qt-x11-free vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • qt-x11-free

Details

Dirk Mueller discovered that UTF-8 strings could be made to cause a small buffer overflow. A remote attacker could exploit this by sending specially crafted strings to applications that use the Qt3 library for UTF-8 processing, potentially leading to arbitrary code execution with user privileges, or a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
libqt3-mt - 3:3.3.8really3.3.7-0ubuntu5.2
Ubuntu 6.10
libqt3-mt - 3:3.3.6-3ubuntu3.3
Ubuntu 6.06 LTS
libqt3-mt - 3:3.3.6-1ubuntu6.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect the necessary changes.

References