View Full Version : USN-579-1: Qt vulnerability

February 21st, 2008, 05:00 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-579-1 February 20, 2008 qt4-x11 vulnerability CVE-2007-5965 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: libqt4-core 4.3.2-0ubuntu3.2 After a standard system upgrade you need to restart applications linked against Qt to effect the necessary changes. Details follow: It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates.

More... (http://www.ubuntu.com/usn/usn-579-1)