The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Qt: buffer overflow of QUtf8Decoder

Synthesis of the vulnerability 

An attacker can create an overflow when UTF-8 data are decoded by an application linked to Qt.
Vulnerable products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity of this weakness: 2/4.
Creation date: 13/09/2007.
Références of this bulletin: 20070901-01-P, CERTA-2007-AVI-404, CVE-2007-4137, DSA-1426-1, FEDORA-2007-2216, FEDORA-2007-703, MDKSA-2007:183, RHSA-2007:0883-01, SUSE-SR:2007:019, TLSA-2007-51, VIGILANCE-VUL-7170.

Description of the vulnerability 

The Qt library provides methods to convert Unicode data:
 - Qt 3 : QUtf8Decoder::toUnicode()
 - Qt 4 : QUtf8Codec::convertToUnicode()

The source code of both methods is affected by two similar off by one overflows:
 - Qt 3 : size of result is incorrectly computed
 - Qt 4 : the result is incorrectly resized

An attacker can therefore generate a memory corruption when victim uses malicious UTF-8 data with an application linked to Qt. It can be noted that the Qt 4 overflow cannot be exploited.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat alert impacts software or systems such as Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, TurboLinux, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer vulnerability bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness note.

Solutions for this threat 

Qt: patch for QUtf8Decoder.
A patch is available:
  Qt 3 : http://www.trolltech.com/developer/download/175791_3.diff
  Qt 4 : http://www.trolltech.com/developer/download/175791_4.diff

Debian: new qt-x11-free packages.
New packages are available:
Debian 3.1 (oldstable)
  http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-*-_3.3.4-3sarge3_*.deb
Debian 4.0 (stable)
  http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-*-_3.3.7-4etch1_*.deb

Fedora 7: new qt packages.
New packages are available:
1a7ae185ab1271390ea19b7289007cf2925a710e qt-ODBC-3.3.8-7.fc7.ppc64.rpm
2252a2eddfa3b5e6e76ab01847a301e1d9384479 qt-devel-3.3.8-7.fc7.ppc64.rpm
f7c3988a438d2caef547093d11a551d4bba3b5a8 qt-PostgreSQL-3.3.8-7.fc7.ppc64.rpm
fc5858c19e21303275fe95f17736ecf18cb2efcc qt-3.3.8-7.fc7.ppc64.rpm
dcfa2fecc5296ad6e564b28814b723763a34b252 qt-devel-docs-3.3.8-7.fc7.ppc64.rpm
80b16255349b410017a375ddf95664c557b2a6a2 qt-MySQL-3.3.8-7.fc7.ppc64.rpm
a2a9c4254a6dd0e8ea62124546fad993f476b763 qt-debuginfo-3.3.8-7.fc7.ppc64.rpm
9d1bdbbbc669edbd7f42edf175f6dcfb9289e047 qt-sqlite-3.3.8-7.fc7.ppc64.rpm
e5eb7257953118b3c9f1a5c5a4e2f4c39a6adc77 qt-designer-3.3.8-7.fc7.ppc64.rpm
6c45bd904a88bec31dc05c2455784814dea596bc qt-config-3.3.8-7.fc7.ppc64.rpm
8c5ee3496c2019f1097c597475ce486308f54db2 qt-debuginfo-3.3.8-7.fc7.i386.rpm
cd9ade2e5a48650aadbd4aedf6ab35b550689e17 qt-devel-3.3.8-7.fc7.i386.rpm
7afdd8ac487f00e807c002acb3c829f72251660a qt-PostgreSQL-3.3.8-7.fc7.i386.rpm
24864997c6651cd884b7035a55cfa2bb0e377abb qt-designer-3.3.8-7.fc7.i386.rpm
869ee03c235871bef6c6225da08854404d9c0e2c qt-3.3.8-7.fc7.i386.rpm
f742d39e8b783286bb43ba5d164a257209ef02c1 qt-ODBC-3.3.8-7.fc7.i386.rpm
c53aa1f849f5f0bdadc63813b02f83e10678b442 qt-config-3.3.8-7.fc7.i386.rpm
073c7dd213844d473cb231ec9517e1f344bf519b qt-devel-docs-3.3.8-7.fc7.i386.rpm
b6f592e8dbcbe6e9473e3534277b05f4df4e01b6 qt-MySQL-3.3.8-7.fc7.i386.rpm
05e3bc907ca7dc3e17d227f354cb81f8d2183fd5 qt-sqlite-3.3.8-7.fc7.i386.rpm
820c166f9d69bed9f964848c612e0261adb23b93 qt-config-3.3.8-7.fc7.x86_64.rpm
6388da8a821cad3b794002345d766cd810f57c5d qt-PostgreSQL-3.3.8-7.fc7.x86_64.rpm
1230c024b1bb0facf8d17b6331c0c7049693fa47 qt-ODBC-3.3.8-7.fc7.x86_64.rpm
9a9ed250a0e88fb1f871d2395109bcacedb2fb4e qt-MySQL-3.3.8-7.fc7.x86_64.rpm
c0096d368847e72bc795113411ec7f3b14764329 qt-debuginfo-3.3.8-7.fc7.x86_64.rpm
0ca435fe5b77682b89623c7e7b0c821c97432519 qt-devel-docs-3.3.8-7.fc7.x86_64.rpm
5ea0c0850d163d48ae041a11bf6accb2da5bb2c6 qt-devel-3.3.8-7.fc7.x86_64.rpm
2fcab095bd08c441b52e16a5c7b1ba56ff7310fa qt-sqlite-3.3.8-7.fc7.x86_64.rpm
fe7ac8141b261d6accee2682386b4dacb741cbfd qt-designer-3.3.8-7.fc7.x86_64.rpm
79c7f00f5ef68def41414b5c942de4c788f76c62 qt-3.3.8-7.fc7.x86_64.rpm
0cfd8b52f1feb2aec15bd36ddf46c439ad6b1f56 qt-devel-docs-3.3.8-7.fc7.ppc.rpm
d8c0a340c035f5c19e2787b80885b9c5ff88bb52 qt-MySQL-3.3.8-7.fc7.ppc.rpm
a06b00d60176c6eec354be2db81a7bbd7184970d qt-config-3.3.8-7.fc7.ppc.rpm
136eb19e4461af1606ee871186472af02fd5df24 qt-PostgreSQL-3.3.8-7.fc7.ppc.rpm
5b9aee81907ebf5805219cc8ca8f0d124d3754da qt-designer-3.3.8-7.fc7.ppc.rpm
e8c20fce0f70659488c8a16c813f26d4a0cdd2fa qt-sqlite-3.3.8-7.fc7.ppc.rpm
e0c195cc324a332679cb5e8bf134ffb4012f2523 qt-ODBC-3.3.8-7.fc7.ppc.rpm
305187ec28d5981e4e0aa70390ca7ff0a007da66 qt-3.3.8-7.fc7.ppc.rpm
b59a25a3adf70f788f5537f506d8e316937da337 qt-devel-3.3.8-7.fc7.ppc.rpm
5c06c1e204167ec6863bc706f18b8c206b5a17cf qt-debuginfo-3.3.8-7.fc7.ppc.rpm
2dcfd953557d668f3c87bd7ebf88718436426c8a qt-3.3.8-7.fc7.src.rpm

Fedora Core 6: new qt packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
76970c68b16b6c00059f35086c795a7f8b4610f9 SRPMS/qt-3.3.8-2.fc6.src.rpm
76970c68b16b6c00059f35086c795a7f8b4610f9 noarch/qt-3.3.8-2.fc6.src.rpm
ffef0e0cd3037e966a24a31a6d7fd6d21c249ef4 ppc/qt-devel-3.3.8-2.fc6.ppc.rpm
464cccdbcefd0e2fac4bba37bff80f905536bb90 ppc/qt-designer-3.3.8-2.fc6.ppc.rpm
63aff4462ca25e1664a44ac0e5d3ed458c67052d ppc/qt-3.3.8-2.fc6.ppc.rpm
e050cc4429cb7af63914bf1d4ee8304ad37c88be ppc/qt-MySQL-3.3.8-2.fc6.ppc.rpm
9cf958572a5927f513d8b0259628670f4987d899 ppc/debug/qt-debuginfo-3.3.8-2.fc6.ppc.rpm
688c1b551690671361a1c0ef908703e4da210122 ppc/qt-PostgreSQL-3.3.8-2.fc6.ppc.rpm
31863e1c8c70502c50db6f1cbbb250a643aae5c8 ppc/qt-ODBC-3.3.8-2.fc6.ppc.rpm
db934e21fa9320401468b7d5ff90a826c028f9f7 ppc/qt-config-3.3.8-2.fc6.ppc.rpm
b7dbe18b99edacafe3c4fed712049300c7d96567 ppc/qt-devel-docs-3.3.8-2.fc6.ppc.rpm
91a92a61b1648286b14848202f424ddc5fc87573 x86_64/qt-ODBC-3.3.8-2.fc6.x86_64.rpm
8bd1cd32af233344dd201693c85ded11580812d3 x86_64/qt-devel-3.3.8-2.fc6.x86_64.rpm
34165d8ad8e8787e589b87c63f392a7bdd339990 x86_64/qt-3.3.8-2.fc6.x86_64.rpm
5fc9ca3eaf855ef7dca1a4c5a8fb388715639c57 x86_64/qt-designer-3.3.8-2.fc6.x86_64.rpm
38dbdc12112dbee190486ba1dc833f57d61a7d27 x86_64/qt-devel-docs-3.3.8-2.fc6.x86_64.rpm
0415558e5a793038f5905614ce364f8cbd2a3a28 x86_64/qt-PostgreSQL-3.3.8-2.fc6.x86_64.rpm
2a8335573256bd1b5f0cc300377ee9597e4dd64f x86_64/qt-config-3.3.8-2.fc6.x86_64.rpm
a2ac89ffa30d0d0f63f764bd98b7d529f71cd7e5 x86_64/debug/qt-debuginfo-3.3.8-2.fc6.x86_64.rpm
919a5544cb9a5c6a5145c0a0f07c0a8580eb9d31 x86_64/qt-MySQL-3.3.8-2.fc6.x86_64.rpm
064fb5c05aa8accf8901bae3401c22093d980411 i386/qt-designer-3.3.8-2.fc6.i386.rpm
773fee2ddcdb0d50ce0e411b2667acd078d4d5e9 i386/debug/qt-debuginfo-3.3.8-2.fc6.i386.rpm
4fab0d12cd6954691ebe0d512412f289ee5e1ea9 i386/qt-config-3.3.8-2.fc6.i386.rpm
2142e080ba47b0b273993d123e74ce0f86142a5a i386/qt-MySQL-3.3.8-2.fc6.i386.rpm
d68bc0b2684663e1e83eea3c00d3f2532b351382 i386/qt-devel-3.3.8-2.fc6.i386.rpm
3222fc4c8e95b34a75b2ece768aa948d7d2c4473 i386/qt-3.3.8-2.fc6.i386.rpm
f1bdef3ebfc28a2cf451ecb33db6ac781d650673 i386/qt-PostgreSQL-3.3.8-2.fc6.i386.rpm
28b867f2498eee93f9c21d71f05478baccbef3b6 i386/qt-ODBC-3.3.8-2.fc6.i386.rpm
8f8a39d8b030443d7216889e12478cc289ebd3b6 i386/qt-devel-docs-3.3.8-2.fc6.i386.rpm

Mandriva: new qt3/qt4 packages.
New packages are available:
 Mandriva Linux 2007.0:
   qt3*-3.3.6-18.4mdv2007.0
   qt4*-4.1.4-12.3mdv2007.0
 Mandriva Linux 2007.1:
   qt3*-3.3.8-4.2mdv2007.1
   qt4*-4.2.3-3.2mdv2007.1
 Corporate 3.0:
   qt3*-3.2.3-19.11.C30mdk
 Corporate 4.0:
   qt3*-3.3.6-1.5.20060mlcs4

RHEL: new qt packages.
New packages are available:
Red Hat Enterprise Linux version 2.1: qt-2.3.1-14.EL2
Red Hat Enterprise Linux version 3: qt-3.1.2-17.RHEL3
Red Hat Enterprise Linux version 4: qt-3.3.3-13.RHEL4
Red Hat Enterprise Linux version 5: qt-3.3.6-23.el5

SGI ProPack 3: new cyrus-sasl, q, star packages.
Patch 10448 is corrected:
  http://support.sgi.com/
New packages are available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SUSE: new star, cpio, emacs, krb5, pptpd, mysql, qt3, balsa, id3lib packages.
New packages are available via FTP or YaST.

Turbolinux: new qt packages.
New packages are available:
Turbolinux FUJI: qt3-3.3.4-17
Turbolinux 10 Server x64 Edition: qt3-3.2.3-18
Turbolinux 10 Server: qt3-3.2.3-18
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides network vulnerability alerts. The technology watch team tracks security threats targeting the computer system.