Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 151972 - kde-base/kdelibs integer overflow
Summary: kde-base/kdelibs integer overflow
Status: RESOLVED DUPLICATE of bug 151838
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2006-10-19 09:21 UTC by Sebastian
Modified: 2006-10-19 10:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian 2006-10-19 09:21:37 UTC

I looked for reports regarding this one but couldn't find any, so here we go.

Red Hat says:

"Updated kdelibs packages that correct an integer overflow flaw are now 
This update has been rated as having critical security impact by the Red 
Hat Security Response Team.
The kdelibs package provides libraries for the K Desktop Environment (KDE). 
 Qt is a GUI software toolkit for the X Window System. 
An integer overflow flaw was found in the way Qt handled pixmap images. 
The KDE khtml library uses Qt in such a way that untrusted parameters could 
be passed to Qt, triggering the overflow. An attacker could for example 
create a malicious web page that when viewed by a victim in the Konqueror 
browser would cause Konqueror to crash or possibly execute arbitrary code 
with the privileges of the victim. (CVE-2006-4811) 
Users of KDE should upgrade to these updated packages, which contain a 
backported patch to correct this issue."

Comment 1 Matt Drew (RETIRED) gentoo-dev 2006-10-19 10:17:23 UTC
Dupe of bug #151838 - that one could use a better name, perhaps.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-10-19 10:35:02 UTC

*** This bug has been marked as a duplicate of 151838 ***