+++ This bug was initially created as a clone of Bug #12043 +++

Ubuntu has issued an advisory on December 17:
http://www.ubuntu.com/usn/usn-2057-1/

qt5 in Cauldron is new enough as to not be affected.
Advisory:
========================

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed.

Details
-------
It is possible to construct XML documents using internal entities that consume large amounts of memory and other resources to process, this is known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection against this issue.

Impact
------
An application loading untrusted XML data may consume arbitrary amounts of memory and CPU when attempting to parse a maliciously constructed document.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://www.ubuntu.com/usn/usn-2057-1/
========================

Updated packages in core/updates_testing:
========================
qtbase5-common-5.0.2-1.1.mga3
qtbase5-common-devel-5.0.2-1.1.mga3
qtbase5-database-plugin-mysql-5.0.2-1.1.mga3
qtbase5-database-plugin-odbc-5.0.2-1.1.mga3
qtbase5-database-plugin-pgsql-5.0.2-1.1.mga3
qtbase5-database-plugin-sqlite-5.0.2-1.1.mga3
qtbase5-database-plugin-tds-5.0.2-1.1.mga3
qtbase5-debuginfo-5.0.2-1.1.mga3
qtbase5-examples-5.0.2-1.1.mga3
lib64qt5base5-devel-5.0.2-1.1.mga3
lib64qt5bootstrap-devel-5.0.2-1.1.mga3
lib64qt5concurrent5-5.0.2-1.1.mga3
lib64qt5concurrent-devel-5.0.2-1.1.mga3
lib64qt5core5-5.0.2-1.1.mga3
lib64qt5core-devel-5.0.2-1.1.mga3
lib64qt5core-private-devel-5.0.2-1.1.mga3
lib64qt5dbus5-5.0.2-1.1.mga3
lib64qt5dbus-devel-5.0.2-1.1.mga3
lib64qt5dbus-private-devel-5.0.2-1.1.mga3
lib64qt5gui5-5.0.2-1.1.mga3
lib64qt5gui-devel-5.0.2-1.1.mga3
lib64qt5gui-private-devel-5.0.2-1.1.mga3
lib64qt5network5-5.0.2-1.1.mga3
lib64qt5network-devel-5.0.2-1.1.mga3
lib64qt5network-private-devel-5.0.2-1.1.mga3
lib64qt5opengl5-5.0.2-1.1.mga3
lib64qt5opengl-devel-5.0.2-1.1.mga3
lib64qt5opengl-private-devel-5.0.2-1.1.mga3
lib64qt5platformsupport-devel-5.0.2-1.1.mga3
lib64qt5platformsupport-private-devel-5.0.2-1.1.mga3
lib64qt5printsupport5-5.0.2-1.1.mga3
lib64qt5printsupport-devel-5.0.2-1.1.mga3
lib64qt5printsupport-private-devel-5.0.2-1.1.mga3
lib64qt5sql5-5.0.2-1.1.mga3
lib64qt5sql-devel-5.0.2-1.1.mga3
lib64qt5sql-private-devel-5.0.2-1.1.mga3
lib64qt5test5-5.0.2-1.1.mga3
lib64qt5test-devel-5.0.2-1.1.mga3
lib64qt5test-private-devel-5.0.2-1.1.mga3
lib64qt5widgets5-5.0.2-1.1.mga3
lib64qt5widgets-devel-5.0.2-1.1.mga3
lib64qt5widgets-private-devel-5.0.2-1.1.mga3
lib64qt5xml5-5.0.2-1.1.mga3
lib64qt5xml-devel-5.0.2-1.1.mga3

from qtbase5-5.0.2-1.1.mga3.src.rpm
Status: NEW => ASSIGNED
CC: (none) => anaselli
CVE: (none) => CVE-2013-4549
Assignee: bugsquad => qa-bugs
Source RPM: qt4 => qtbase5
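The restriction the advisory above says was missing can be applied before a document ever reaches the parser. This is an added example, not part of the thread or of Qt's code: a standard-C++ check that computes the post-expansion size arithmetically and saturates at a budget. `kBudget`, the function names and the sample document are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <regex>
#include <string>
using EntityMap = std::map<std::string, std::string>;
using Memo = std::map<std::string, std::uint64_t>;
constexpr std::uint64_t kBudget = 64 * 1024;  // hypothetical limit, not a Qt constant

// Collect <!ENTITY name "value"> declarations (internal entities only).
EntityMap collectEntities(const std::string& xml) {
    static const std::regex decl(R"rx(<!ENTITY\s+([A-Za-z_][A-Za-z0-9_.-]*)\s+"([^"]*)"\s*>)rx");
    EntityMap out;
    for (std::sregex_iterator it(xml.begin(), xml.end(), decl), end; it != end; ++it)
        out.emplace((*it)[1].str(), (*it)[2].str());
    return out;
}

// Size `text` would reach after expansion, computed arithmetically (nothing is
// expanded in memory). The result saturates at `cap`.
std::uint64_t expandedSize(const std::string& text, const EntityMap& ents, Memo& memo,
                           std::uint64_t cap, int depth = 0) {
    if (depth > 32) return cap;  // self-reference or deep nesting: treat as over budget
    static const std::regex ref(R"rx(&([A-Za-z_][A-Za-z0-9_.-]*);)rx");
    std::uint64_t total = text.size();
    for (std::sregex_iterator it(text.begin(), text.end(), ref), end; it != end && total < cap; ++it) {
        const std::string name = (*it)[1].str();
        const auto def = ents.find(name);
        if (def == ents.end()) continue;  // undeclared or predefined: count the literal text
        if (!memo.count(name)) memo.emplace(name, expandedSize(def->second, ents, memo, cap, depth + 1));
        // Replace the reference's own length with the size of what it expands to.
        total = std::min<std::uint64_t>(cap, total - (*it)[0].length() + memo.at(name));
    }
    return std::min(cap, total);
}

// Expanded size of the content that follows the internal DTD subset.
std::uint64_t documentExpandedSize(const std::string& xml, std::uint64_t cap = kBudget) {
    const EntityMap ents = collectEntities(xml);
    Memo memo;
    const std::size_t close = xml.find("]>");
    return expandedSize(close == std::string::npos ? xml : xml.substr(close + 2), ents, memo, cap);
}

// Constructed sample: four entity levels, each referencing the previous one ten times.
std::string constructedSample() {
    auto x10 = [](const std::string& s) { std::string r; for (int i = 0; i < 10; ++i) r += s; return r; };
    return "<!DOCTYPE d [<!ENTITY a \"" + x10("x") + "\"><!ENTITY b \"" + x10("&a;") +
           "\"><!ENTITY c \"" + x10("&b;") + "\"><!ENTITY d \"" + x10("&c;") + "\">]><d>&d;</d>";
}
```

A caller rejects the input when `documentExpandedSize(xml) >= kBudget`; memoisation keeps the check linear in the number of declarations even though the expanded size grows by a factor of ten per level.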
Thanks Angelo! We can use the more concise advisory text from Ubuntu that we used for the qt4 update.

Patched package uploaded for Mageia 3 by Angelo. Thanks Angelo!

Advisory:
========================

Updated qt5 packages fix security vulnerability:

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service (CVE-2013-4549).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4549
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://www.ubuntu.com/usn/usn-2057-1/
========================

Updated packages in core/updates_testing:
========================
qtbase5-common-5.0.2-1.1.mga3
qtbase5-examples-5.0.2-1.1.mga3
qtbase5-database-plugin-odbc-5.0.2-1.1.mga3
qtbase5-database-plugin-mysql-5.0.2-1.1.mga3
qtbase5-database-plugin-sqlite-5.0.2-1.1.mga3
qtbase5-database-plugin-tds-5.0.2-1.1.mga3
qtbase5-database-plugin-pgsql-5.0.2-1.1.mga3
libqt5core5-5.0.2-1.1.mga3
libqt5core-devel-5.0.2-1.1.mga3
libqt5core-private-devel-5.0.2-1.1.mga3
libqt5sql5-5.0.2-1.1.mga3
libqt5sql-devel-5.0.2-1.1.mga3
libqt5sql-private-devel-5.0.2-1.1.mga3
libqt5dbus5-5.0.2-1.1.mga3
libqt5dbus-devel-5.0.2-1.1.mga3
libqt5dbus-private-devel-5.0.2-1.1.mga3
libqt5concurrent5-5.0.2-1.1.mga3
libqt5concurrent-devel-5.0.2-1.1.mga3
libqt5gui5-5.0.2-1.1.mga3
libqt5gui-devel-5.0.2-1.1.mga3
libqt5gui-private-devel-5.0.2-1.1.mga3
libqt5network5-5.0.2-1.1.mga3
libqt5network-devel-5.0.2-1.1.mga3
libqt5network-private-devel-5.0.2-1.1.mga3
libqt5opengl5-5.0.2-1.1.mga3
libqt5opengl-devel-5.0.2-1.1.mga3
libqt5opengl-private-devel-5.0.2-1.1.mga3
libqt5printsupport5-5.0.2-1.1.mga3
libqt5printsupport-devel-5.0.2-1.1.mga3
libqt5printsupport-private-devel-5.0.2-1.1.mga3
libqt5test5-5.0.2-1.1.mga3
libqt5test-devel-5.0.2-1.1.mga3
libqt5test-private-devel-5.0.2-1.1.mga3
libqt5widgets5-5.0.2-1.1.mga3
libqt5widgets-devel-5.0.2-1.1.mga3
libqt5widgets-private-devel-5.0.2-1.1.mga3
libqt5xml5-5.0.2-1.1.mga3
libqt5xml-devel-5.0.2-1.1.mga3
libqt5platformsupport-devel-5.0.2-1.1.mga3
libqt5platformsupport-private-devel-5.0.2-1.1.mga3
libqt5bootstrap-devel-5.0.2-1.1.mga3
libqt5base5-devel-5.0.2-1.1.mga3
qtbase5-common-devel-5.0.2-1.1.mga3
qtbase5-debuginfo-5.0.2-1.1.mga3

from qtbase5-5.0.2-1.1.mga3.src.rpm
Sure, that was my first advisory of such a type of bugs :D

I haven't tested the vulnerability itself, but all install fine and I seem not to have regressions on my qt5 applications (X86_64)
Well, from my local iurt repository though.
No public PoC that I could find, so just testing using qtcreator to create a simple C "hello world" program.

Advisory uploaded to svn. Testing complete on Mageia 3 i586 and x86_64.

Someone from the sysadmin team please push 12178.adv to updates.
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0115.html
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED