ubuntu-sdk-bugs team mailing list archive

[Jonathan Riddell <jriddell@xxxxxxxxxx>]

Public bug reported:

http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

Qt Project Security Advisory
----------------------------

Title:        XML Entity Expansion Denial of Service
Risk Rating:  Low
CVE:          CVE-2013-4549
Platforms:    All
Modules:      QtBase
Versions:     All versions before 5.2
Author:       Richard J. Moore <rich at kde.org>
Date:         5 December 2013

Overview
--------

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal
entities in XML documents without placing restrictions to ensure the document
does not cause excessive memory usage. If an application using this API
processes untrusted data then the application may use unexpected amounts of
memory if a malicious document is processed.

Details
-------

It is possible to construct XML documents using internal entities that consume
large amounts of memory and other resources to process, this is known as the
'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection
against this issue.

Impact
------

An application loading untrusted XML data may consume arbitrary amounts of
memory and CPU when attempting to parse a maliciously constructed document.

** Affects: qt4-x11 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Raring)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Saucy)
     Importance: Undecided
         Status: New

** Affects: qt4-x11 (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: qtbase-opensource-src (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Also affects: qtbase-opensource-src (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1259577

Title:
  Security: XML Entity Expansion Denial of Service

Status in “qt4-x11” package in Ubuntu:
  New
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qt4-x11” source package in Precise:
  New
Status in “qtbase-opensource-src” source package in Precise:
  New
Status in “qt4-x11” source package in Quantal:
  New
Status in “qtbase-opensource-src” source package in Quantal:
  New
Status in “qt4-x11” source package in Raring:
  New
Status in “qtbase-opensource-src” source package in Raring:
  New
Status in “qt4-x11” source package in Saucy:
  New
Status in “qtbase-opensource-src” source package in Saucy:
  New
Status in “qt4-x11” source package in Trusty:
  New
Status in “qtbase-opensource-src” source package in Trusty:
  New

Bug description:
  http://lists.qt-
  project.org/pipermail/announce/2013-December/000036.html

  Qt Project Security Advisory
  ----------------------------

  Title:        XML Entity Expansion Denial of Service
  Risk Rating:  Low
  CVE:          CVE-2013-4549
  Platforms:    All
  Modules:      QtBase
  Versions:     All versions before 5.2
  Author:       Richard J. Moore <rich at kde.org>
  Date:         5 December 2013

  Overview
  --------

  QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal
  entities in XML documents without placing restrictions to ensure the document
  does not cause excessive memory usage. If an application using this API
  processes untrusted data then the application may use unexpected amounts of
  memory if a malicious document is processed.

  Details
  -------

  It is possible to construct XML documents using internal entities that consume
  large amounts of memory and other resources to process, this is known as the
  'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection
  against this issue.

  Impact
  ------

  An application loading untrusted XML data may consume arbitrary amounts of
  memory and CPU when attempting to parse a maliciously constructed document.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577/+subscriptions