Trolltech Removes Qt Vulnerability
A moderately critical vulnerability was discovered in the QUtf8Decoder of Trolltech's Qt Framework.
The Trolltech developers have now released patch to remove the "QUtf8Decoder" security bug in Qt3 and Qt4. Attackers were able to exploit the vulnerability via a specially crafted Unicode string. Processing the string would cause applications to crash due to an off by one heap overflow and thus execute injected malicious code. According to Trolltech there is no way of exploiting the bug in Qt4.
The error is what's known as an "Off-By-One Error", which is typically caused by a logical error on the part of the programmer leading to control structures being parsed once too often, or not frequently enough. The error can cause a program to crash.
Patches for the vulnerability which is listed under CVE number CVE-2007-4137, are available from the manufacturer's website for Qt3 and Qt4. Distributions are now starting to offer updated program packages, Red Hat for example.
Tag Cloud
News
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.
-
ack 2.0 Released
ack is a grep-like, command-line tool that has been optimized for programmers to search large trees of source code.
-
SUSE Studio 1.3 Released
New features in SUSE Studio 1.3 include enhanced cloud integration, VM platform support, and lifecycle management.
-
Xen To Become Linux Foundation Collaborative Project
The Linux Foundation recently announced that the Xen Project is becoming a Linux Foundation Collaborative Project.
-
RunRev Releases Open Source Version of LiveCode
Open source version of LiveCode is now available for developing apps, games, and utilities for all major platforms.
-
OpenDaylight Project Formed
OpenDaylight is an open source software-defined networking project committed to furthering adoption of SDN and accelerating innovation in a vendor-neutral and open environment.
-
Gnome 3.8 Released
The new Gnome release includes privacy and sharing settings, allowing more user control over access to personal information.
-
Mozilla and Samsung Collaborate on New Browser Engine
Mozilla is collaborating with Samsung on a new web browser engine called Servo.