Note: This is an archival copy of Security Sun Alert 201610 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001209.1.
Date of Resolved Release
Due to multiple vulnerabilities in libqt, a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user when that local user has loaded a Bitmap (.bmp) format image file, XPixMap (.xpm) format image file or a Graphics Interchange Format (.gif) format image file supplied by an untrusted remote user.
Note: QT is a multiplatform C++ GUI application framework. It is used in many popular Open Source projects such as KDE.
This issue is described in the following documents:
This issue can occur in the following releases:
Note: JDS for Solaris is not impacted by this issue.
This issue only occurs with QT Library versions qt3-3.1.1-117 or earlier.
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004
To determine the version of QT Library, the following command can be run:
% rpm -qf /usr/lib/libqt-mt.so.3 qt3-3.1.1-117
There are no reliable symptoms that would show the described issue has been exploited.
To work around the described issue, avoid using QT based software to load Bitmap, XPixMap, and Graphics Interchange Format image files.
This issue is addressed in the following releases:
To download and install the updated RPMs from the update servers select the following from the launch bar:
Launch >> Applications >> System Tools >> Online Update
Sun Java Desktop System Release 2
This solution has no attachment