Note: This is an archival copy of Security Sun Alert 201610 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001209.1. |
Category Security Release Phase Resolved 5090119 Date of Resolved Release 03-SEP-2004 Impact Due to multiple vulnerabilities in libqt, a remote unprivileged user may be able to execute arbitrary code with the privileges of a local user when that local user has loaded a Bitmap (.bmp) format image file, XPixMap (.xpm) format image file or a Graphics Interchange Format (.gif) format image file supplied by an untrusted remote user. Note: QT is a multiplatform C++ GUI application framework. It is used in many popular Open Source projects such as KDE. This issue is described in the following documents:
Contributing Factors This issue can occur in the following releases: Linux
Note: JDS for Solaris is not impacted by this issue. This issue only occurs with QT Library versions qt3-3.1.1-117 or earlier. To determine the release of JDS for Linux installed on a system, the following command can be run: % cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004 To determine the version of QT Library, the following command can be run: % rpm -qf /usr/lib/libqt-mt.so.3 qt3-3.1.1-117 Symptoms There are no reliable symptoms that would show the described issue has been exploited. Workaround To work around the described issue, avoid using QT based software to load Bitmap, XPixMap, and Graphics Interchange Format image files. Resolution This issue is addressed in the following releases: Linux
To download and install the updated RPMs from the update servers select the following from the launch bar: Launch >> Applications >> System Tools >> Online Update Modification History Product Sun Java Desktop System Release 2 Attachments This solution has no attachment |
|