Mandriva Update For Qt4 MDVSA-2008:042 (qt4) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in one or more criteria. The updated packages have been patched to correct this issue.

Affected

qt4 on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-5965

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:090 (php)
Mandrake Security Advisory MDVSA-2009:117 (ntp)
Mandrake Security Advisory MDVSA-2009:042 (samba)
Mandrake Security Advisory MDVSA-2009:079 (postgresql)
Mandrake Security Advisory MDVSA-2009:038 (blender)

Mandriva Update for qt4 MDVSA-2008:042 (qt4)

Take action and discover your vulnerabilities