Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)

high Nessus Plugin ID 72097

Synopsis

The remote Fedora host is missing a security update.

Description

Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549). See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

In addition, this update:

- adds support for the aarch64 architecture,

- fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),

- fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,

- reverts the faulty 'Discover printers shared by CUPS 1.6 (#980952)' patch, which broke default printer selection and caused crash bug #1054312.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected qt package.

See Also

http://www.nessus.org/u?6cfa8350

https://bugzilla.redhat.com/show_bug.cgi?id=1054312

http://www.nessus.org/u?ed26140a

Plugin Details

Severity: High

ID: 72097

File Name: fedora_2013-22932.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/23/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:qt, cpe:/o:fedoraproject:fedora:19

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 12/7/2013

Reference Information

FEDORA: 2013-22932