Advisories » MGASA-2014-0009

Updated qt4 package fixes security vulnerability

Publication date: 17 Jan 2014
Modification date: 17 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4549

Description

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Qt applications
to consume large amounts of resources, resulting in a denial of service
(CVE-2013-4549).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12043
• http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
• http://www.ubuntu.com/usn/usn-2057-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549

SRPMS

3/core

• qt4-4.8.5-1.3.mga3