
Bug#417394: Possible UTF-8 overlong sequence decoding vulnerability



Package: kdelibs
Version: 4:3.5.5a.dfsg.1-7
Severity: grave
Tags: security 
Justification: user security hole
>
> this is a notice about a significant bug in the Qt (3.x and 4.x) UTF 8
> decoder, that in certain cases can lead to security vulnerabilities. It causes
> XSS errors at least in Konqueror, though any KDE application that deals with
> urls or paths from untrusted locations can be affected.
>
> The issue is that the UTF8 decoder incorrectly does not reject overlong
> sequences, which can cause "/../" injection or (in the case of konqueror)
> a "<script>" tag injection.
>
> The patch was embargoed, but it leaked recently into the qt snapshots and
> was also imported into qt-copy, so you can consider it public now. Originally
> Trolltech planned to disclose this with a Qt 3.3.9 release, but it seems
> they changed their mind.
>

(this has been reported in bugs: 417390 and 417391).

> I'm also attaching a fix against KJS, which has a similar issue, but we
> don't know of a way to exploit this one. Please add both patches.


This issue has been addressed in the upload 4:3.5.5a.dfsg.1-8

Ana
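
The shortest-form check the quoted notice says the decoder was missing, as an added example that is not part of the original message or of the Qt/KJS patches: a minimal UTF-8 decoder whose strict mode rejects overlong sequences, run on constructed bytes (0xC0 0xAF, an overlong form of '/'). The names `decode_one` and `decode_all` are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Decode one UTF-8 sequence at s[pos] and advance pos past it.
// Returns the code point, or -1 if the sequence is malformed.
// strict=false skips the minimum-value check, so overlong forms pass.
long decode_one(const std::string& s, std::size_t& pos, bool strict) {
    static const long min_cp[5] = {0, 0x0, 0x80, 0x800, 0x10000};
    unsigned char b0 = static_cast<unsigned char>(s[pos]);
    int len; long cp;
    if (b0 < 0x80)                { len = 1; cp = b0; }
    else if ((b0 & 0xE0) == 0xC0) { len = 2; cp = b0 & 0x1F; }
    else if ((b0 & 0xF0) == 0xE0) { len = 3; cp = b0 & 0x0F; }
    else if ((b0 & 0xF8) == 0xF0) { len = 4; cp = b0 & 0x07; }
    else return -1;                         // invalid lead byte
    if (pos + len > s.size()) return -1;    // truncated sequence
    for (int i = 1; i < len; ++i) {
        unsigned char b = static_cast<unsigned char>(s[pos + i]);
        if ((b & 0xC0) != 0x80) return -1;  // not a continuation byte
        cp = (cp << 6) | (b & 0x3F);
    }
    if (strict) {
        if (cp < min_cp[len]) return -1;              // overlong encoding
        if (cp >= 0xD800 && cp <= 0xDFFF) return -1;  // UTF-16 surrogate
        if (cp > 0x10FFFF) return -1;                 // beyond Unicode range
    }
    pos += len;
    return cp;
}

// Decode a whole string; returns false at the first malformed sequence.
bool decode_all(const std::string& s, bool strict, std::vector<long>& out) {
    out.clear();
    for (std::size_t pos = 0; pos < s.size();) {
        long cp = decode_one(s, pos, strict);
        if (cp < 0) return false;
        out.push_back(cp);
    }
    return true;
}

int main() {
    std::vector<long> out;
    std::string sample("\xC0\xAF", 2);  // constructed: overlong form of '/'
    bool lenient_ok = decode_all(sample, false, out);  // accepted as U+002F
    bool strict_ok = decode_all(sample, true, out);    // rejected
    return (lenient_ok && !strict_ok) ? 0 : 1;
}
```

Any filter that inspects the raw bytes for '/' or '<' before decoding never sees those characters in the overlong form, which is why the rejection has to happen in the decoder itself.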



