Message-id: <E1JNLy2-0002K6-MB@artemis.annvix.ca>
Date: Thu, 07 Feb 2008 22:40:06 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:042 ] - Updated Qt4 packages fix vulnerability in QSslSocket
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:042
http://www.mandriva.com/security/
_______________________________________________________________________
Package : qt4
Date : February 7, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A potential vulnerability was discovered in Qt4 versions 4.3.0 through
4.3.2 that may cause certificate verification in SSL connections not
to be performed. As a result, code that uses QSslSocket could be
tricked into thinking that the certificate was verified correctly
when it actually failed one or more criteria.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5965
http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
Mandriva Linux 2008.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHq8DOmqjQ0CJFipgRAuVbAJ4rh2er1D2hN27VwfM4lzlndzokzwCgi09Y
iHECyKOHTcf453NYqRgJrhU=
=Mgl8
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
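
Added example (not part of the Mandriva advisory): a triage check showing why an upstream version match alone is not enough here. The updated 2008.0 packages keep upstream version 4.3.1, which is inside the affected 4.3.0 through 4.3.2 range, and differ only in the release 12.1mdv2008.0. The comparison is a simplified rpm-style ordering, the function names are hypothetical, and the result is meaningful only for Mandriva Linux 2008.0 packages.

```python
import re

# Values taken from the advisory text and its updated-package file names.
AFFECTED_UPSTREAM = ("4.3.0", "4.3.2")   # upstream Qt4 range named in the advisory
FIXED = ("4.3.1", "12.1mdv2008.0")       # version and release of the 2008.0 update


def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpm_cmp(a, b):
    """Simplified rpm-style ordering: -1, 0 or 1 (no epoch, '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def triage(nvr):
    """Classify a string as printed by
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n' <package>."""
    _name, version, release = nvr.rsplit("-", 2)
    lo, hi = AFFECTED_UPSTREAM
    if rpm_cmp(version, lo) < 0 or rpm_cmp(version, hi) > 0:
        return "outside affected range"
    # Same upstream version as the vulnerable build: only the release tells them apart.
    if version == FIXED[0] and rpm_cmp(release, FIXED[1]) >= 0:
        return "patched"
    return "vulnerable"


# Constructed sample inputs, not captured from a real host.
SAMPLES = [
    "libqtnetwork4-4.3.1-12.1mdv2008.0",   # release named in the advisory
    "libqtnetwork4-4.3.1-12mdv2008.0",     # constructed earlier release
    "libqtnetwork4-4.3.3-1mdv2008.1",      # constructed later upstream version
]

if __name__ == "__main__":
    for nvr in SAMPLES:
        print(f"{nvr}: {triage(nvr)}")
```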