Mandriva Update For Qt MDKSA-2007:183 (qt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code. Updated packages have been patched to prevent this issue. Although the problem is not exploitable in Qt4, patched packages have been issued regardless.

Affected

qt on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-4137
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:062 (shadow-utils)
Mandrake Security Advisory MDVSA-2009:085 (gstreamer0.10-plugins-base)
Mandrake Security Advisory MDVSA-2009:149 (apache)
Mandrake Security Advisory MDVSA-2009:093 (mpg123)
Mandrake Security Advisory MDVSA-2009:086 (gstreamer-plugins)

Mandriva Update for qt MDKSA-2007:183 (qt)

Take action and discover your vulnerabilities