Mandriva Linux Security Advisory : qt4 (MDVSA-2008:042)

medium Nessus Plugin ID 38087

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A potential vulnerability was discovered in Qt4 versions 4.3.0 through 4.3.2 that may cause certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into treating a certificate as correctly verified when it actually failed one or more of the verification criteria.

The updated packages have been patched to correct this issue.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?24ed23d5

Plugin Details

Severity: Medium

ID: 38087

File Name: mandriva_MDVSA-2008-042.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64qtsvg4, p-cpe:/a:mandriva:linux:lib64qttest4, p-cpe:/a:mandriva:linux:lib64qtuitools4, p-cpe:/a:mandriva:linux:lib64qtxml4, p-cpe:/a:mandriva:linux:libqassistant1, p-cpe:/a:mandriva:linux:libqt3support4, p-cpe:/a:mandriva:linux:libqt4-devel, p-cpe:/a:mandriva:linux:libqtcore4, p-cpe:/a:mandriva:linux:libqtdbus4, p-cpe:/a:mandriva:linux:libqtdesigner1, p-cpe:/a:mandriva:linux:libqtgui4, p-cpe:/a:mandriva:linux:libqtnetwork4, p-cpe:/a:mandriva:linux:libqtopengl4, p-cpe:/a:mandriva:linux:libqtscript4, p-cpe:/a:mandriva:linux:libqtsql4, p-cpe:/a:mandriva:linux:libqtsvg4, p-cpe:/a:mandriva:linux:libqttest4, p-cpe:/a:mandriva:linux:libqtuitools4, p-cpe:/a:mandriva:linux:libqtxml4, p-cpe:/a:mandriva:linux:qt4-accessibility-plugin-lib, p-cpe:/a:mandriva:linux:qt4-accessibility-plugin-lib64, p-cpe:/a:mandriva:linux:qt4-assistant, p-cpe:/a:mandriva:linux:qt4-codecs-plugin-lib, p-cpe:/a:mandriva:linux:qt4-codecs-plugin-lib64, p-cpe:/a:mandriva:linux:qt4-common, p-cpe:/a:mandriva:linux:qt4-database-plugin-mysql-lib, p-cpe:/a:mandriva:linux:qt4-database-plugin-mysql-lib64, p-cpe:/a:mandriva:linux:qt4-database-plugin-odbc-lib, p-cpe:/a:mandriva:linux:qt4-database-plugin-odbc-lib64, p-cpe:/a:mandriva:linux:qt4-database-plugin-pgsql-lib, p-cpe:/a:mandriva:linux:qt4-database-plugin-pgsql-lib64, p-cpe:/a:mandriva:linux:qt4-database-plugin-sqlite-lib, p-cpe:/a:mandriva:linux:qt4-database-plugin-sqlite-lib64, p-cpe:/a:mandriva:linux:qt4-designer, p-cpe:/a:mandriva:linux:qt4-doc, p-cpe:/a:mandriva:linux:qt4-examples, p-cpe:/a:mandriva:linux:qt4-linguist, p-cpe:/a:mandriva:linux:qt4-qtdbus, p-cpe:/a:mandriva:linux:qt4-qvfb, p-cpe:/a:mandriva:linux:qt4-tutorial, cpe:/o:mandriva:linux:2008.0, p-cpe:/a:mandriva:linux:lib64qassistant1, p-cpe:/a:mandriva:linux:lib64qt3support4, p-cpe:/a:mandriva:linux:lib64qt4-devel, p-cpe:/a:mandriva:linux:lib64qtcore4, p-cpe:/a:mandriva:linux:lib64qtdbus4, p-cpe:/a:mandriva:linux:lib64qtdesigner1, p-cpe:/a:mandriva:linux:lib64qtgui4, p-cpe:/a:mandriva:linux:lib64qtnetwork4, p-cpe:/a:mandriva:linux:lib64qtopengl4, p-cpe:/a:mandriva:linux:lib64qtscript4, p-cpe:/a:mandriva:linux:lib64qtsql4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/7/2008

Reference Information

CVE: CVE-2007-5965

BID: 27112

CWE: 264

MDVSA: 2008:042