Security: XML Entity Expansion Denial of Service

Bug #1259577 reported by Jonathan Riddell
This bug affects 1 person
Affects                          Status        Importance  Assigned to  Milestone
qt4-x11 (Ubuntu)                 Fix Released  Undecided   Unassigned
  Precise                        Fix Released  Undecided   Unassigned
  Quantal                        Fix Released  Undecided   Unassigned
  Raring                         Fix Released  Undecided   Unassigned
  Saucy                          Fix Released  Undecided   Unassigned
  Trusty                         Fix Released  Undecided   Unassigned
qtbase-opensource-src (Ubuntu)   Fix Released  Undecided   Unassigned
  Raring                         Fix Released  Undecided   Unassigned
  Saucy                          Fix Released  Undecided   Unassigned
  Trusty                         Fix Released  Undecided   Unassigned

Bug Description

http://lists.qt-project.org/pipermail/announce/2013-December/000036.html

Qt Project Security Advisory
----------------------------

Title: XML Entity Expansion Denial of Service
Risk Rating: Low
CVE: CVE-2013-4549
Platforms: All
Modules: QtBase
Versions: All versions before 5.2
Author: Richard J. Moore <rich at kde.org>
Date: 5 December 2013

Overview
--------

QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal
entities in XML documents without placing restrictions to ensure the document
does not cause excessive memory usage. If an application using this API
processes untrusted data then the application may use unexpected amounts of
memory if a malicious document is processed.

Details
-------

It is possible to construct XML documents using internal entities that consume
large amounts of memory and other resources to process; this is known as the
'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection
against this issue.

Impact
------

An application loading untrusted XML data may consume arbitrary amounts of
memory and CPU when attempting to parse a maliciously constructed document.

Tags: patch
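
The changelog entries on this page say only that a limit was added in src/xml/sax/qxml.cpp; the patch itself is not shown here. As an added illustration (plain C++ without Qt, not the Qt patch and not code from this report), the following computes how large an internal entity would become after expansion without building the expanded text, and rejects anything over a budget. The names, the value of kMaxExpandedChars and the sample DTD are assumptions made for this example.

```cpp
#include <map>
#include <regex>
#include <set>
#include <string>
using EntityMap = std::map<std::string, std::string>;
using SizeMap = std::map<std::string, std::size_t>;
constexpr std::size_t kMaxExpandedChars = 4096;  // assumed; the page does not state Qt's limit
// Constructed sample: four short declarations, each level 10x the previous one.
const char* const kSampleDtd =
    "<!ENTITY a \"0123456789\">"
    "<!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\">"
    "<!ENTITY c \"&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;\">"
    "<!ENTITY d \"&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;\">";

// Collect double-quoted internal entity declarations: <!ENTITY name "text">
EntityMap parseEntities(const std::string& dtd) {
    static const std::regex decl(R"re(<!ENTITY\s+(\S+)\s+"([^"]*)"\s*>)re");
    EntityMap out;
    for (std::sregex_iterator it(dtd.begin(), dtd.end(), decl), end; it != end; ++it)
        out.emplace((*it)[1].str(), (*it)[2].str());
    return out;
}

// Expanded length of `name`, saturating at limit + 1; cycles and undeclared names are over budget.
std::size_t expandedSize(const EntityMap& ents, const std::string& name,
                         std::size_t limit, std::set<std::string>& active, SizeMap& memo) {
    static const std::set<std::string> predefined = {"lt", "gt", "amp", "apos", "quot"};
    if (predefined.count(name) || (!name.empty() && name[0] == '#')) return 1;
    if (memo.count(name)) return memo[name];
    EntityMap::const_iterator e = ents.find(name);
    if (e == ents.end() || !active.insert(name).second) return limit + 1;
    const std::string& text = e->second;
    std::size_t total = 0;
    for (std::size_t i = 0; i < text.size() && total <= limit;) {
        std::size_t semi = text[i] == '&' ? text.find(';', i) : std::string::npos;
        if (semi == std::string::npos) { ++total; ++i; continue; }  // ordinary character
        total += expandedSize(ents, text.substr(i + 1, semi - i - 1), limit, active, memo);
        i = semi + 1;
    }
    active.erase(name);
    return memo[name] = (total > limit ? limit + 1 : total);
}

// True if expanding `root` stays within `limit` characters.
bool withinBudget(const std::string& dtd, const std::string& root, std::size_t limit = kMaxExpandedChars) {
    std::set<std::string> active; SizeMap memo;
    return expandedSize(parseEntities(dtd), root, limit, active, memo) <= limit;
}
int main() { return withinBudget(kSampleDtd, "c") && !withinBudget(kSampleDtd, "d") ? 0 : 1; }
```

In the sample, entity d is declared in 40 characters but would expand to 10,000, so it fails the 4096-character budget while c (1,000 characters) passes.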

no longer affects: qtbase-opensource-src (Ubuntu Precise)
no longer affects: qtbase-opensource-src (Ubuntu Quantal)
Jonathan Riddell (jr) wrote :
Jonathan Riddell (jr) wrote :
tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtbase-opensource-src - 5.0.2+dfsg1-7ubuntu13

---------------
qtbase-opensource-src (5.0.2+dfsg1-7ubuntu13) trusty; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 15:08:17 +0000

Changed in qtbase-opensource-src (Ubuntu Trusty):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.8.4+dfsg-0ubuntu20

---------------
qt4-x11 (4:4.8.4+dfsg-0ubuntu20) trusty; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.patch
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 16:30:00 +0000

Changed in qt4-x11 (Ubuntu Trusty):
status: New → Fix Released
Jonathan Riddell (jr) wrote :
Jonathan Riddell (jr) wrote :
Jonathan Riddell (jr) wrote :
Jonathan Riddell (jr) wrote :
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs, thanks! I have uploaded them to the security team PPA to build and test, and will release them shortly.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.8.3+dfsg-0ubuntu3.2

---------------
qt4-x11 (4:4.8.3+dfsg-0ubuntu3.2) quantal-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 22:44:01 +0000

Changed in qt4-x11 (Ubuntu Quantal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.8.4+dfsg-0ubuntu9.5

---------------
qt4-x11 (4:4.8.4+dfsg-0ubuntu9.5) raring-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 20:51:37 +0000

Changed in qt4-x11 (Ubuntu Raring):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtbase-opensource-src - 5.0.1+dfsg-0ubuntu4.1

---------------
qtbase-opensource-src (5.0.1+dfsg-0ubuntu4.1) raring-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549-xml-expansion.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 15:59:04 +0000

Changed in qtbase-opensource-src (Ubuntu Raring):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.8.4+dfsg-0ubuntu18.1

---------------
qt4-x11 (4:4.8.4+dfsg-0ubuntu18.1) saucy-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 16:54:32 +0000

Changed in qt4-x11 (Ubuntu Saucy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qt4-x11 - 4:4.8.1-0ubuntu4.5

---------------
qt4-x11 (4:4.8.1-0ubuntu4.5) precise-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 22:49:13 +0000

Changed in qt4-x11 (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtbase-opensource-src - 5.0.2+dfsg1-7ubuntu11.1

---------------
qtbase-opensource-src (5.0.2+dfsg1-7ubuntu11.1) saucy-security; urgency=low

  * SECURITY UPDATE: [XML Entity Expansion Denial of Service] (LP: #1259577).
    - Add CVE-2013-4549-xml-expansion.diff
    - add limit in src/xml/sax/qxml.cpp
    - http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
    - CVE-2013-4549
 -- Jonathan Riddell <email address hidden> Tue, 10 Dec 2013 15:34:35 +0000

Changed in qtbase-opensource-src (Ubuntu Saucy):
status: New → Fix Released