Qt Flaw That Could Have Been Used in Denial of Service Attacks Closed by Canonical

All the other supported Ubuntu distros have been affected by this problem

  Ubuntu 13.10 desktop
Canonical published in a security notice details about a Qt vulnerability in its Ubuntu 13.10, Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

Canonical published in a security notice details about a Qt vulnerability in its Ubuntu 13.10, Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

According to the company, Qt could have been made to consume resources and hang if it processed XML data.

It has been discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could have used this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest libqt4-xml and libqt5xml5 packages specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will be needed.

Comments