USN-2057-1: Qt vulnerability

Ubuntu Security Notice USN-2057-1

17th December, 2013

qt4-x11, qtbase-opensource-src vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Qt could be made to consume resources and hang if it processed XML data.

Software description

  • qt4-x11 - Qt 4 libraries
  • qtbase-opensource-src - Qt 5 libraries

Details

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Qt applications
to consume large amounts of resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 13.10:
libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1
libqt5xml5 5.0.2+dfsg1-7ubuntu11.1
Ubuntu 13.04:
libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5
libqt5xml5 5.0.1+dfsg-0ubuntu4.1
Ubuntu 12.10:
libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2
Ubuntu 12.04 LTS:
libqt4-xml 4:4.8.1-0ubuntu4.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all
the necessary changes.

References

CVE-2013-4549