Solution
Please Install the Updated Packages.
Insight
Andreas Nolden discover a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause " /../"
injection or
(in the case of konqueror) a "
<
script>
"
tag injection.
Updated packages have been patched to address this issue.
Affected
qt4 on Mandriva Linux 2007.0,
Mandriva Linux 2007.0/X86_64
Severity
Classification
-
CVE CVE-2007-0242 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities