Bug 58526 (CVE-2004-0693)

Summary: VUL-0: CVE-2004-0693: opera: uses vulnerable version of QT lib
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Lukas Tinkl <ltinkl>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0693: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Biege 2004-08-05 16:49:23 UTC
Hello Lukas, 
please have a look at bug 58356 
 
This bug is still private.
Comment 2 Marcus Meissner 2004-08-05 16:55:16 UTC
It's also using a static version of the vulnerable libpng (for which we 
released an update yesterday) 
Comment 3 Lukas Tinkl 2004-08-05 17:37:12 UTC
So I expect an updated version of Opera released very shortly... 
Comment 4 Lukas Tinkl 2004-09-15 21:42:43 UTC
Fixed packages submitted
Comment 5 Lukas Tinkl 2004-09-20 18:48:32 UTC
Packages in STABLE now contain an Opera binary that's linked against the shared
Qt library version, I guess this is fixed now. Thomas?

What to do with the backport? 

christian.westgaard@opera.com wrote:

And when it comes to vulnerabilities in the Qt library:
Heap-based buffer overflow in the BMP image format parser for the QT library
(qt3) before 3.3.3 allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0691

The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to
cause a denial of service (application crash) via a malformed image file that
triggers a null dereference, a different vulnerability than CAN-2004-0693.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0692

The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to
cause a denial of service (application crash) via a malformed image file that
triggers a null dereference, a different vulnerability than CAN-2004-0692.
http://cgi.nessus.org/cve.php3?cve=CAN-2004-0693

We have our own image decoders, as in we don't use Qt's image decoders.
We do use QFileDialog, but the file type images displayed there are
AFAIK linked into the Qt library and cannot be exploited.
Comment 6 Thomas Biege 2004-09-20 18:56:36 UTC
> Packages in STABLE now contain an Opera binary that's linked against the 
> shared Qt library version, I guess this is fixed now. Thomas? 
 
Yes, it is. :) 
 
 
Hm, older versions need to be verified by watching test images. 
I'll collect a list of them and be back... 
Comment 8 Thomas Biege 2004-09-29 22:49:47 UTC
packages approved... 
Comment 9 Thomas Biege 2009-10-13 20:31:09 UTC
CVE-2004-0693: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)