The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-579-1] Qt vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Thu, 21 Feb 2008 09:07:54 -0500
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-579-1] Qt vulnerability
Message-ID: <20080221140754.GA8804@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="NzB8fVQJ5HfG6fxh"
Content-Disposition: inline
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-579-1          February 20, 2008
qt4-x11 vulnerability
CVE-2007-5965
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libqt4-core                     4.3.2-0ubuntu3.2

After a standard system upgrade you need to restart applications
linked against Qt to effect the necessary changes.

Details follow:

It was discovered that QSslSocket did not properly verify SSL
certificates. A remote attacker may be able to trick applications
using QSslSocket into accepting invalid SSL certificates.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2-0ub=
untu3.2.diff.gz
      Size/MD5:    50784 34e258b7ef8ddb98baff43b8addda445
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2-0ub=
untu3.2.dsc
      Size/MD5:     1605 13abaddb49b3db3c5c30e9f9f04de057
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2.ori=
g.tar.gz
      Size/MD5: 43462686 a60490b36099bdd10c4d2f55430075b3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.3.2-0ub=
untu3.2_all.deb
      Size/MD5: 25346480 99cd0e2b1094ed55284db1d58605d079

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2=
-0ubuntu3.2_amd64.deb
      Size/MD5:  1943082 b4e65e7adebc86ba9b6cc871a60bbd0e
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.=
2-0ubuntu3.2_amd64.deb
      Size/MD5: 81469132 14a6f12efd943643de8dad9c0e34f339
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-=
0ubuntu3.2_amd64.deb
      Size/MD5:  4803626 e72bbf5adf05487893c14820191aa485
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-=
0ubuntu3.2_amd64.deb
      Size/MD5:  5395948 c66f7f37b88c2f153bd2fde0f5f949a8
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support=
_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  1140384 4f2364042868f3c780e26fd80b40919a
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-=
0ubuntu3.2_amd64.deb
      Size/MD5:   154934 8fa24a2d0efe9bd826d20e79e26de0de
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.=
2-0ubuntu3.2_amd64.deb
      Size/MD5:  1295424 435d9d6947a1becd34602c9b68a48176
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools=
_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:   769864 652ecbdfe495cc23e4cf160cca21d36d
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_=
4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:    99416 8868ca06f4ee62152de3cc4b9b426b80

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2=
-0ubuntu3.2_i386.deb
      Size/MD5:  1768524 131d6c2c0551f2398fce9ff082b37ef2
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.=
2-0ubuntu3.2_i386.deb
      Size/MD5: 81026292 8ebfec68d6e0955a3e0a5e1e476a5b55
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-=
0ubuntu3.2_i386.deb
      Size/MD5:  4437758 222c08edb1bfc0785ed467a5e5ce83a8
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-=
0ubuntu3.2_i386.deb
      Size/MD5:  4887460 434b7dbebf234ff398e0fe33e8fcc486
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support=
_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  1021026 db8cb6acd0537582fc6ff4012e359555
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-=
0ubuntu3.2_i386.deb
      Size/MD5:   138812 4492b7b101fbf43cd914a7085c8c5481
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.=
2-0ubuntu3.2_i386.deb
      Size/MD5:  1249678 1e65a2dcc55131b96f793b69a56eeb08
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools=
_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:   699468 9f2a65ffc4dac8f019bcdadba7571d9c
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_=
4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:    93364 db90b49be856de532888e68d3bbe402b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2=
-0ubuntu3.2_powerpc.deb
      Size/MD5:  1861838 4ad11d44b4208bb7a5a2519a02de72fc
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.=
2-0ubuntu3.2_powerpc.deb
      Size/MD5: 82142134 aa5b06c09de5c25944ad9b98f5dcb676
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-=
0ubuntu3.2_powerpc.deb
      Size/MD5:  4567070 25ffc9fc0c49e5d7530559489a2d35c0
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-=
0ubuntu3.2_powerpc.deb
      Size/MD5:  5197272 6a3d9fb41efa29c7f8b9704d06a5f3dc
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support=
_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  1080292 189dafc8eadebe3d9805baf6d89b6fa7
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-=
0ubuntu3.2_powerpc.deb
      Size/MD5:   148286 06074830da4f808d783fbbbb74790fab
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.=
2-0ubuntu3.2_powerpc.deb
      Size/MD5:  1301788 ce0c43cbc94828802e56fbe5ac2b7915
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools=
_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:   736666 89d70c039b28804dc839c59bca89391e
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_=
4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:    99296 5d0f324237c2917dfedd321e9609d91f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2=
-0ubuntu3.2_sparc.deb
      Size/MD5:  1995356 dd817644c167ae96d89cf18a6cbb6ce0
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.=
2-0ubuntu3.2_sparc.deb
      Size/MD5: 81693916 71f54e309969dad838e11744967e8456
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-=
0ubuntu3.2_sparc.deb
      Size/MD5:  4901052 fe9616d0a0e887c755c9a1e377b67369
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-=
0ubuntu3.2_sparc.deb
      Size/MD5:  5446702 dcb34afd768d848994abb5a957c1fab9
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support=
_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  1095232 c1f10a9b14875556be4e58a8a4929920
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-=
0ubuntu3.2_sparc.deb
      Size/MD5:   149300 9a1f86ef66138ebc1e795b3e861599af
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.=
2-0ubuntu3.2_sparc.deb
      Size/MD5:  1307846 98d9129d15fb7c2869c12e5e5350f442
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools=
_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:   749918 7d01faab0bcc71e048d05f4084f6200c
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_=
4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:    97246 018bdbaf72fba8492ab75360da84face



--NzB8fVQJ5HfG6fxh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHvYW6W0JvuRdL8BoRAi9iAJwIgkzDNvBHJrDz72t3ZwB2hu80hQCgoLV/
6lzXn/Own6zpK3iVP3cphi4=
=Jt11
-----END PGP SIGNATURE-----

--NzB8fVQJ5HfG6fxh--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру