Package: libqt4-core Version: all Severity: critical Tags: security, fixed-upstream
CVE-2006-4811 A critical integer overflow was found in QT, possibly allowing remote code execution, for example via manipulated images loaded by apps like Konqueror See Red Hat Advisory: https://rhn.redhat.com/errata/RHSA-2006-0720.html " An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811) " A demo exploit, leading to a crash at an up-to-date sid box, is provided at http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138488 Patch http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=138489 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
