Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200703-06 ] AMD64 x86 emulation Qt library: Integer overflow
Date: Sun, 04 Mar 2007 00:45:24
Message-Id: 20070304001127.GD3492@falco.falcal.net
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200703-06
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: AMD64 x86 emulation Qt library: Integer overflow
9 Date: March 04, 2007
10 Bugs: #153704
11 ID: 200703-06
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 The AMD64 x86 emulation Qt library makes use of an insecure version of
19 the Qt library, potentially allowing for the remote execution of
20 arbitrary code.
21
22 Background
23 ==========
24
25 The AMD64 x86 emulation Qt library for AMD64 emulates the x86 (32-bit)
26 Qt library on the AMD64 (64-bit) architecture.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 emul-linux-x86-qtlibs < 10.0 >= 10.0
35
36 Description
37 ===========
38
39 An integer overflow flaw has been found in the pixmap handling of Qt,
40 making the AMD64 x86 emulation Qt library vulnerable as well.
41
42 Impact
43 ======
44
45 By enticing a user to open a specially crafted pixmap image in an
46 application using the AMD64 x86 emulation Qt library, a remote attacker
47 could cause an application crash or the remote execution of arbitrary
48 code with the rights of the user running the application.
49
50 Workaround
51 ==========
52
53 There is no known workaround at this time.
54
55 Resolution
56 ==========
57
58 All AMD64 x86 emulation Qt library users should upgrade to the latest
59 version:
60
61 # emerge --sync
62 # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-10.0"
63
64 References
65 ==========
66
67 [ 1 ] GLSA 200611-02
68 http://www.gentoo.org/security/en/glsa/glsa-200611-02.xml
69 [ 2 ] CVE-2006-4811
70 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
71
72 Availability
73 ============
74
75 This GLSA and any updates to it are available for viewing at
76 the Gentoo Security Website:
77
78 http://security.gentoo.org/glsa/glsa-200703-06.xml
79
80 Concerns?
81 =========
82
83 Security is a primary focus of Gentoo Linux and ensuring the
84 confidentiality and security of our users machines is of utmost
85 importance to us. Any security concerns should be addressed to
86 security@g.o or alternatively, you may file a bug at
87 http://bugs.gentoo.org.
88
89 License
90 =======
91
92 Copyright 2007 Gentoo Foundation, Inc; referenced text
93 belongs to its owner(s).
94
95 The contents of this document are licensed under the
96 Creative Commons - Attribution / Share Alike license.
97
98 http://creativecommons.org/licenses/by-sa/2.5