Ubuntu 10.04 LTS / 11.04 : qt4-x11 vulnerabilities (USN-1504-1)

Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that Qt did not properly handle wildcard domain
names or IP addresses in the Common Name field of X.509 certificates.
An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications. This
issue only affected Ubuntu 10.04 LTS. (CVE-2010-5076)

A heap-based buffer overflow was discovered in the HarfBuzz module. If
a user were tricked into opening a crafted font file in a Qt
application, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2011-3193)

It was discovered that Qt did not properly handle greyscale TIFF
images. If a Qt application could be made to process a crafted TIFF
file, an attacker could cause a denial of service. (CVE-2011-3194).

Solution :

Update the affected libqt4-network and / or libqtgui4 packages.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 59957 ()

Bugtraq ID: 42833

CVE ID: CVE-2010-5076