Bugzilla – Bug 927806
VUL-0: CVE-2015-1858: libqt5-qtbase,libqt4,qt,qt3: segmentation fault in BMP Qt Image Format Handling
Last modified: 2022-08-10 14:42:20 UTC
From http://lists.qt-project.org/pipermail/announce/2015-April/000067.html

Qt Project Security Advisory
----------------------------

Title: Multiple Vulnerabilities in Qt Image Format Handling
Risk Rating: High
CVE: CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
Platforms: All
Modules: QtBase
Versions: Qt 4.8.6 and earlier, Qt 5.4.1 and earlier
Author: Richard J. Moore <rich at kde.org>
Date: 12th April 2015

Overview
--------

Due to two recent vulnerabilities identified in the built-in image format handling code, it was decided that this area required further testing to determine if further issues remained. Fuzzing using afl-fuzz located a number of issues in the handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution.

CVE-2015-1858 BMP vulnerability

Impact
------

Denial of service and potentially remote code execution.

Workaround
----------

None

Solution
--------

Upgrade to Qt 5.5 once released or apply the patches below:

For Qt 5.0 to 5.4:
https://codereview.qt-project.org/#/c/108312/
https://codereview.qt-project.org/#/c/108248/

For Qt 4.8:
https://codereview.qt-project.org/#/c/108474/
https://codereview.qt-project.org/#/c/108475/

The fixes will also be included in Qt 4.8.7 and 5.4.2.

References:
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
https://bugzilla.redhat.com/show_bug.cgi?id=1210673
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1858
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1858.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1858
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-05-04. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61570
bugbot adjusting priority
Thanks, submitted this as an update to openSUSE Factory!
This is an autogenerated message for OBS integration: This bug (927806) was mentioned in https://build.opensuse.org/request/show/305786 Factory / libqt4
SLE12 libqt5-qtbase is affected:

libqt5-qtbase/qtbase-opensource-src-5.3.1.tar.xz.contents/qtbase-opensource-src-5.3.1/src/gui/image/qgifhandler.cpp
libqt5-qtbase/qtbase-opensource-src-5.3.1.tar.xz.contents/qtbase-opensource-src-5.3.1/src/plugins/imageformats/ico/qicohandler.cpp

Please proceed to also fix this package SLE 12 in addition to libqt4. Thanks!
bug 921999, bug 927806, bug 927807, bug 927808 affect libqt5-qtbase on SLE 12. Assigning to maintainer for submission.
SUSE-SU-2015:0977-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-devel-doc-data-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Desktop 11 SP3 (src): libqt4-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE-SU-2015:1359-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 847880,921999,927806,927807,927808,929688
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Software Development Kit 12 (src): libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Server 12 (src): libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Desktop 12 (src): libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE-SU-2015:1383-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 870151,921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Server 12 (src): libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12 (src): libqt5-qtbase-5.3.1-4.4.2
think we got all
Done.