Pardus: 2010-106: Qt: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in Qt.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-106           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-11
  Severity: 4
      Type: Local
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in Qt.


Description
==========
CVE-2009-2841:

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp
in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4
on Mac OS X, does not perform the expected callbacks for HTML 5 media
elements that have external URLs for media resources, which allows
remote attackers to trigger sub-resource requests to arbitrary web sites
via a crafted HTML document, as demonstrated by an HTML e-mail message
that uses a media element for X-Confirm-Reading-To functionality, aka
rdar problem 7271202.



CVE-2010-1766:

Off-by-one error in the WebSocketHandshake::readServerHandshake function
in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380,
as used in Qt and other products, allows remote websockets servers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via an upgrade header that is long and invalid.



CVE-2010-1392:

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac
OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4,
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors related to HTML buttons.



CVE-2010-1396:

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac
OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4,
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors related to removing container
elements.



CVE-2010-1397:

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac
OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4,
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors related to a layout change
during selection rendering and the DOCUMENT_POSITION_DISCONNECTED
attribute in a container of an unspecified type.



CVE-2010-1398:

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Windows, and before 4.1 on Mac OS X 10.4, does not properly perform
ordered list insertions, which allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted HTML document, related to the insertion
of an unspecified element into an editable container and the access of
an uninitialized element.



CVE-2010-1412:

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac
OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4,
allows remote attackers to execute arbitrary code or cause a denial of
service (application crash) via vectors related to hover events.



CVE-2010-1770:

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome
before 5.0.375.70 does not properly handle a transformation of a text
node that has the IBM1147 character set, which allows remote attackers
to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document containing
a BR element, related to a type checking issue.



CVE-2010-1774:

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and
Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory
during processing of HTML tables, which allows remote attackers to
execute arbitrary code or cause a denial of service (application crash)
via a crafted HTML document.


Affected packages:

  Pardus 2009:
    qt, all before 4.6.3-78-23


Resolution
=========
There are update(s) for qt. You can update them via Package Manager or
with a single command from console:

    pisi up qt

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id765
  * http://qt.nokia.com/developer/changes/changes-4.6.3

------------------------------------------------------------------------