Bug 927808 - (CVE-2015-1860) VUL-0: CVE-2015-1860: libqt5-qtbase,libqt4,qt,qt3: segmentation fault in GIF Qt Image Format Handling
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/115702/
maint:released:sle11-sp3:61769 CVSSv2...
Reported: 2015-04-20 10:09 UTC by Andreas Stieger
Modified: 2016-04-28 08:56 UTC (History)

Found By: Security Response Team
Description Andreas Stieger 2015-04-20 10:09:35 UTC
From http://lists.qt-project.org/pipermail/announce/2015-April/000067.html

Qt Project Security Advisory
----------------------------

Title:        Multiple Vulnerabilities in Qt Image Format Handling
Risk Rating:  High
CVE:          CVE-2015-1858, CVE-2015-1859, CVE-2015-1860
Platforms:    All
Modules:      QtBase
Versions:     Qt 4.8.6 and earlier, Qt 5.4.1 and earlier
Author:       Richard J. Moore <rich at kde.org>
Date:         12th April 2015

Overview
--------

Due to two recent vulnerabilities identified in the built-in image format
handling code, it was decided that this area required further testing to
determine if further issues remained. Fuzzing using afl-fuzz located a number
of issues in the handling of BMP, ICO and GIF files. The issues exposed
included denial of service and buffer overflows leading to heap corruption.
It is possible the latter could be used to perform remote code execution.


CVE-2015-1860 GIF vulnerability

Impact
------

Denial of service and potentially remote code execution.

Workaround
----------

None

Solution
--------

Upgrade to Qt 5.5 once released or apply the patches below:

For Qt 5.0 to 5.4:

https://codereview.qt-project.org/#/c/108312/
https://codereview.qt-project.org/#/c/108248/

For Qt 4.8:

https://codereview.qt-project.org/#/c/108474/
https://codereview.qt-project.org/#/c/108475/

The fixes will also be included in Qt 4.8.7 and 5.4.2.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1210675
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1860
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1860.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1860
Comment 1 Swamp Workflow Management 2015-04-20 11:18:13 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-05-04.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61570
Comment 2 Swamp Workflow Management 2015-04-20 22:01:24 UTC
bugbot adjusting priority
Comment 3 Dirk Mueller 2015-05-07 13:50:58 UTC
Thanks, submitted to openSUSE:Factory!
Comment 4 Bernhard Wiedemann 2015-05-07 14:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (927808) was mentioned in
https://build.opensuse.org/request/show/305776 Factory / libqt4
Comment 7 Bernhard Wiedemann 2015-05-07 17:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (927808) was mentioned in
https://build.opensuse.org/request/show/305786 Factory / libqt4
Comment 12 Andreas Stieger 2015-05-13 14:56:32 UTC
bug 921999, bug 927806, bug 927807, bug 927808 affect libqt5-qtbase on SLE 12. Assigning to maintainer for submission.
Comment 15 Swamp Workflow Management 2015-06-01 13:05:42 UTC
SUSE-SU-2015:0977-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-devel-doc-data-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Server 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-devel-doc-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
SUSE Linux Enterprise Desktop 11 SP3 (src):    libqt4-4.6.3-5.34.2, libqt4-sql-plugins-4.6.3-5.34.2
Comment 16 Swamp Workflow Management 2015-08-07 09:11:47 UTC
SUSE-SU-2015:1359-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 847880,921999,927806,927807,927808,929688
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Server 12 (src):    libqt4-4.8.6-4.2, libqt4-devel-doc-4.8.6-4.6, libqt4-sql-plugins-4.8.6-4.1
SUSE Linux Enterprise Desktop 12 (src):    libqt4-4.8.6-4.2, libqt4-sql-plugins-4.8.6-4.1
Comment 17 Swamp Workflow Management 2015-08-14 11:10:32 UTC
SUSE-SU-2015:1383-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 870151,921999,927806,927807,927808
CVE References: CVE-2015-0295,CVE-2015-1858,CVE-2015-1859,CVE-2015-1860
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Server 12 (src):    libqt5-qtbase-5.3.1-4.4.2
SUSE Linux Enterprise Desktop 12 (src):    libqt5-qtbase-5.3.1-4.4.2
Comment 18 Rin Okuyama 2015-10-05 08:21:37 UTC
OpenSUSE 13.1 is still vulnerable. Could you please apply these fixes to it?
Comment 19 Marcus Meissner 2016-03-22 16:26:43 UTC
13.1 has meanwhile turned to evergreen support. :/

Sorry, we did not see your message to reassign to the maintainer.