Bug 151972

Summary: kde-base/kdelibs integer overflow
Product: Gentoo Security
Reporter: Sebastian <sebastian_ml>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://rhn.redhat.com/errata/RHSA-2006-0720.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Sebastian 2006-10-19 09:21:37 UTC
Hi,

I looked for reports regarding this one but couldn't find any, so here we go.

Red Hat says:

"Updated kdelibs packages that correct an integer overflow flaw are now 
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment (KDE).
Qt is a GUI software toolkit for the X Window System.

An integer overflow flaw was found in the way Qt handled pixmap images.
The KDE khtml library uses Qt in such a way that untrusted parameters could
be passed to Qt, triggering the overflow. An attacker could for example
create a malicious web page that when viewed by a victim in the Konqueror
browser would cause Konqueror to crash or possibly execute arbitrary code
with the privileges of the victim. (CVE-2006-4811)

Users of KDE should upgrade to these updated packages, which contain a 
backported patch to correct this issue."

Regards
Sebastian
Comment 1 Matt Drew (RETIRED) gentoo-dev 2006-10-19 10:17:23 UTC
Dupe of bug #151838 - that one could use a better name, perhaps.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-10-19 10:35:02 UTC

*** This bug has been marked as a duplicate of 151838 ***