4.261. qt

Updated qt packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.

Security Fixes

CVE-2011-3193
A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
CVE-2011-3194
A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Users of Qt should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt libraries must be restarted for this update to take effect.
Updated qt packages that resolve several issues are now available for Red Hat Enterprise Linux 6.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

Bug Fixes

BZ#562132
While using the Lohit font in the Malayalam script, the ra-kar character combination (0D4D + 0D30 in Unicode) was rendered incorrectly. This issue has been fixed and this combination is now rendered correctly.
BZ#679759
Example binary files in the qt-examples package were missing execute permissions, which meant that normal users could not run them. This has been fixed: file permissions have been corrected and the example files now can be executed properly.
BZ#680088
Due to an issue in the qt buildroot, the complexpong example was incorrectly removed for the PowerPC architecture qt-examples package, which caused that missing files were reported when the qt-examples file list was verified. This issue has been fixed: the complexpong example is now correctly included for all supported architectures.
BZ#716694
Previously, the /etc/rpm/macros.qt4 file was part of the qt-x11 package, which was incorrect. This issue has been corrected: the file has been moved into the qt-devel package.
All users of qt are advised to upgrade to these updated packages, which resolve these issues.