Ubuntu Security Notice USN-2057-1
17th December, 2013
qt4-x11, qtbase-opensource-src vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Qt could be made to consume resources and hang if it processed XML data.
- qt4-x11 - Qt 4 libraries
- qtbase-opensource-src - Qt 5 libraries
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Qt applications
to consume large amounts of resources, resulting in a denial of service.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 13.10:
- libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1
- libqt5xml5 5.0.2+dfsg1-7ubuntu11.1
- Ubuntu 13.04:
- libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5
- libqt5xml5 5.0.1+dfsg-0ubuntu4.1
- Ubuntu 12.10:
- libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2
- Ubuntu 12.04 LTS:
- libqt4-xml 4:4.8.1-0ubuntu4.5
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make all
the necessary changes.