
Bug#587711: libqt4-network: infinite loop in QSslSocketBackendPrivate::transmit()



Package: libqt4-network
Version: 4:4.6.3-1
Severity: grave
Tags: security

Hi,

The following vulnerability has been reported in libqt4-network.

From [1]:
> The part of the network library which handles the SSL connection can be
> tricked into an endless loop that freezes the whole application with
> CPU at 100%.
> 
> The problem is located in the QSslSocketBackendPrivate::transmit()
> function in src_network_ssl_qsslsocket_openssl.cpp that never exits
> from the main "while" loop.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.

[1] http://aluigi.altervista.org/adv/qtsslame-adv.txt

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


