1.238. qt

Updated qt packages that fix two security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.

Security Fixes

CVE-2011-3193
A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
CVE-2011-3194
A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Users of Qt should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt libraries must be restarted for this update to take effect.
Updated qt packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine.

Security Fixes

CVE-2011-3193
A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
CVE-2011-3194
A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Users of Qt should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt libraries must be restarted for this update to take effect.
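To verify the restart requirement after updating, the following added example (not part of the Red Hat advisory) lists processes that still map a Qt library file that has since been replaced on disk, relying on the "(deleted)" marker the kernel appends to such mappings in /proc/PID/maps. The PIDs, process names and library path in the sample are constructed; call scan_procs with no argument, as root, to inspect a live system.

```shell
#!/bin/sh
# stale_qt_maps MAPS_FILE: print each distinct Qt library path that the
# process still maps although the backing file was unlinked (replaced).
stale_qt_maps() {
    awk '$NF == "(deleted)" && $6 ~ /\/libQt[A-Za-z0-9]*\.so/ && !seen[$6]++ { print $6 }' "$1"
}

# scan_procs [PROC_ROOT]: print "PID COMM LIBRARY" for every process under
# PROC_ROOT (default /proc) that needs a restart to pick up updated Qt files.
scan_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        # Errors are silenced: maps of other users' processes need root.
        stale_qt_maps "$dir/maps" 2>/dev/null | while read -r lib; do
            printf '%s %s %s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Constructed /proc-style sample: PID 4242 still maps a replaced libQtGui,
# PID 4243 maps the file currently on disk. All values are made up.
write_sample() {
    mkdir -p "$1/4242" "$1/4243"
    echo kcalc > "$1/4242/comm"
    echo okular > "$1/4243/comm"
    cat > "$1/4242/maps" <<'EOF'
00400000-0044a000 r-xp 00000000 fd:00 1311 /usr/bin/kcalc
7f3a10000000-7f3a10a90000 r-xp 00000000 fd:00 2001 /usr/lib64/libQtGui.so.4.6.2 (deleted)
7f3a10a90000-7f3a10c8f000 ---p 00a90000 fd:00 2001 /usr/lib64/libQtGui.so.4.6.2 (deleted)
7f3a11000000-7f3a1118a000 r-xp 00000000 fd:00 2100 /lib64/libc-2.12.so
EOF
    cat > "$1/4243/maps" <<'EOF'
7f5b20000000-7f5b20a90000 r-xp 00000000 fd:00 2950 /usr/lib64/libQtGui.so.4.6.2
EOF
}

# Demo run against the constructed sample tree.
sample=$(mktemp -d)
write_sample "$sample"
scan_procs "$sample"
rm -rf "$sample"
```

Any process it reports is still executing the pre-update library code and remains exposed until it is restarted.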
Updated qt packages that fix various bugs are now available for Red Hat Enterprise Linux 6.
Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

Bug Fixes

BZ#562049
In the Bengali script, a certain consonant conjunct with a zero-width joiner (that is, the "U+09B0 U+200D U+09CD U+09AF" sequence in Unicode) was not rendered correctly. This error has been fixed, and this conjunct is now rendered as expected.
BZ#562058
In the Bengali script, some character combinations were incorrectly rendered with an extra space between them (for example, the "U+0989 U+09CD U+09AA U+09BE U+09A6 U+09A8 U+09C7 U+09B0" sequence in Unicode). This update ensures that these combinations are correctly rendered with a straight line at the upper part of the text.
BZ#562060
In the Kannada script, the "U+0CB0 U+200D U+0CCD U+0C95" Unicode sequence produced an incorrectly rendered glyph. With this update, the underlying source code has been modified to address this issue, and the above glyph is now rendered properly.
BZ#631732
In the Marathi language, a certain combination of syllables (that is, the "U+0915 U+09EF U+09EF" sequence in Unicode) was not recognized properly. This update resolves this issue, and this combination is now rendered as expected.
BZ#636399
In the Oriya script, some character combinations (such as the "U+0B2C U+0B4D U+0B21" Unicode sequence) were not rendered correctly. With this update, a patch has been applied to address this issue, and such character combinations are now rendered correctly.
All users of Qt are advised to upgrade to these updated packages, which resolve these issues.