GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Mar 13, 2014 6:26 pm Post subject: [ GLSA 201403-04 ] QtCore: Denial of Service |
 |
|
Gentoo Linux Security Advisory
Title: QtCore: Denial of Service (GLSA 201403-04)
Severity: normal
Exploitable: remote
Date: March 13, 2014
Bug(s): #494728
ID: 201403-04
Synopsis
A vulnerability in QXmlSimpleReader class can be used to cause a
Denial of Service condition.
Background
The Qt toolkit is a comprehensive C++ application development framework.
Affected Packages
Package: dev-qt/qtcore
Vulnerable: < 4.8.5-r1
Unaffected: >= 4.8.5-r1
Architectures: All supported architectures
Description
A vulnerability in QXmlSimpleReader’s XML entity parsing has been
discovered.
Impact
A remote attacker could entice a user to open a specially crafted XML
file using an application linked against QtCore, possibly resulting in
Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All QtCore users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtcore-4.8.5-r1"
|
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.
References
CVE-2013-4549 |
|
News & Announcements
