Rapid7 Vulnerability & Exploit Database

RHSA-2011:1324: qt4 security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/03/2007
Created: 07/25/2018
Added: 09/30/2011
Modified: 07/04/2017

Description

Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.

A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242)

A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193)

Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.
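The first flaw above is easier to reason about with a small model of the decoder behaviour involved. The example below is added here and is not code from the Rapid7 page, from Red Hat or from Qt: it assumes that "expanded certain UTF-8 characters" refers to a decoder accepting overlong UTF-8 forms (a code point written with more bytes than it needs), which is the defect class behind CVE-2007-0242. The decoder, the `filter_then_lenient_decode` / `strict_decode_then_filter` functions and the `OVERLONG_TRAVERSAL` input are all constructed for illustration; the input spells "../notes.txt" with the dot and slash in two-byte overlong form so that a byte-level check for "../" never sees the literal bytes. It shows why sanitizing before a lenient decode is not a sanitizer at all, and that a strict decoder (which RFC 3629 requires) closes the gap on its own.

```python
from typing import Optional

# Smallest code point that legitimately needs each sequence length (RFC 3629).
_MIN_CODE_POINT = {1: 0x0, 2: 0x80, 3: 0x800, 4: 0x10000}


def decode_utf8(data: bytes, allow_overlong: bool) -> str:
    """Minimal UTF-8 decoder written for this example (not Qt's code).

    allow_overlong=True models the defect described in the advisory: an
    overlong form is "expanded" to the short character it encodes.
    allow_overlong=False rejects such forms, as a conforming decoder must.
    """
    out = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:
            cp, extra = b, 0
        elif 0xC0 <= b < 0xE0:
            cp, extra = b & 0x1F, 1
        elif 0xE0 <= b < 0xF0:
            cp, extra = b & 0x0F, 2
        elif 0xF0 <= b < 0xF8:
            cp, extra = b & 0x07, 3
        else:
            raise ValueError(f"invalid lead byte 0x{b:02x} at offset {i}")
        if i + extra >= n:
            raise ValueError(f"truncated sequence at offset {i}")
        for k in range(1, extra + 1):
            cb = data[i + k]
            if not 0x80 <= cb < 0xC0:
                raise ValueError(f"bad continuation byte at offset {i + k}")
            cp = (cp << 6) | (cb & 0x3F)
        if not allow_overlong:
            if cp < _MIN_CODE_POINT[extra + 1]:
                raise ValueError(f"overlong encoding at offset {i}")
            if cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
                raise ValueError(f"invalid code point U+{cp:X} at offset {i}")
        out.append(chr(cp))
        i += extra + 1
    return "".join(out)


# Constructed input: "../notes.txt" with '.' (U+002E) and '/' (U+002F) written
# as two-byte overlong sequences (C0 AE and C0 AF) instead of 2E and 2F.
OVERLONG_TRAVERSAL = b"\xc0\xae\xc0\xae\xc0\xafnotes.txt"


def filter_then_lenient_decode(raw: bytes) -> Optional[str]:
    """Vulnerable ordering: a byte-level check for '../' runs before a lenient
    decode, so the overlong bytes pass the check and become '../' afterwards."""
    if b"../" in raw:
        return None
    return decode_utf8(raw, allow_overlong=True)


def strict_decode_then_filter(raw: bytes) -> Optional[str]:
    """Hardened ordering: decode strictly (overlong forms are rejected), then
    apply the check to the decoded text, the form the application actually uses."""
    try:
        text = decode_utf8(raw, allow_overlong=False)
    except ValueError:
        return None
    if "../" in text:
        return None
    return text


def python_codec_accepts(raw: bytes) -> bool:
    """CPython's built-in codec also rejects overlong forms; used as a cross-check."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    print("vulnerable ordering ->", filter_then_lenient_decode(OVERLONG_TRAVERSAL))
    print("hardened ordering   ->", strict_decode_then_filter(OVERLONG_TRAVERSAL))
    print("CPython accepts it? ->", python_codec_accepts(OVERLONG_TRAVERSAL))
```

Running the block prints `../notes.txt` for the vulnerable ordering and `None` for the hardened one. The practical checks an application owner can take from this: decode input with a strict decoder before any content check, treat a decode failure as a rejection rather than falling back to a permissive path, and apply the same rule to every layer (web framework, file API, toolkit) that sees the bytes, since a check at one layer is bypassed by a lenient decode at another.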

Solution(s)

  • redhat-upgrade-qt4
  • redhat-upgrade-qt4-devel
  • redhat-upgrade-qt4-doc
  • redhat-upgrade-qt4-mysql
  • redhat-upgrade-qt4-odbc
  • redhat-upgrade-qt4-postgresql
  • redhat-upgrade-qt4-sqlite
