Mandriva: Updated Qt4 packages fix vulnerability
Posted by Benjamin D. Thomas   
A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in one or more criteria. The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:042
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : qt4
 Date    : February 7, 2008
 Affected: 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 A potential vulnerability was discovered in Qt4 version 4.3.0 through
 4.3.2 which may cause a certificate verification in SSL connections
 not to be performed.  As a result, code that uses QSslSocket could
 be tricked into thinking that the certificate was verified correctly
 when it actually failed in one or more criteria.
 
 The updated packages have been patched to correct this issue.
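
 A host inventory check for this update, added here as an example and not part of the Mandriva advisory: it flags Qt4 packages whose version-release is older than 4.3.1-12.1mdv2008.0, the build carried by the advisory's updated package files. The function names, the simplified rpm-style ordering (no epoch handling) and the sample inventory are assumptions made for the example, and the comparison is only meaningful for Mandriva Linux 2008.0 hosts.

```python
import re

# Fixed version-release, taken from the advisory's updated package file names.
FIXED = "4.3.1-12.1mdv2008.0"
# Names of the Qt4 binary packages the advisory updates (i586 and x86_64).
QT4_NAME = re.compile(
    r"^(?:lib(?:64)?(?:qassistant1|qtdesigner1|qt4-devel|qt[a-z0-9]+4)|qt4-)")

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
libqtnetwork4 4.3.1-12mdv2008.0
libqtcore4 4.3.1-12.1mdv2008.0
lib64qtnetwork4 4.3.1-11mdv2008.0
qt4-common 4.3.1-12mdv2008.0
libqt3 3.3.8-10mdv2008.0
openssl 0.9.8e-8mdv2008.0
"""

def _cmp_part(a, b):
    """Compare two version (or release) strings segment by segment."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Return -1, 0 or 1 for version-release a older/equal/newer than b."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def needs_update(inventory, fixed=FIXED):
    """List (name, version-release) of Qt4 packages older than the fix."""
    stale = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and QT4_NAME.match(parts[0]) \
                and evr_cmp(parts[1], fixed) < 0:
            stale.append((parts[0], parts[1]))
    return stale

if __name__ == "__main__":
    for name, evr in needs_update(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}: update required")
```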
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5965
 http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.0:

 Mandriva Linux 2008.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 