1 August 2007, 14:43

Security vulnerability in Qt development framework library

Trolltech, producers of the Qt library, have released a source code patch for Qt3, which fixes a security vulnerability. Bugs may lead to execution of arbitrary code during processing of crafted strings by applications which use the cross-platform C++ framework.

The routines for the QTextEdit element contain format string vulnerabilities and integer overflows. These can be triggered when an application linked to Qt issues an error message which incorporates text provided by the user. The bugs affect versions of Qt3 up to and including version 3.3.8. Programs using this version of the library include the KDE Desktop.

Red Hat has already released an updated package, and other Linux distributors are likely to follow suit shortly. Users should install the updated packages as soon as they become available.

Security vulnerability in Qt development framework library

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit