Mandriva Linux Security Advisory : qt4 (MDVSA-2008:042)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A potential vulnerability was discovered in Qt4 version 4.3.0 through
4.3.2 which may cause a certificate verification in SSL connections
not to be performed. As a result, code that uses QSslSocket could be
tricked into thinking that the certificate was verified correctly when
it actually failed in one or more criteria.

The updated packages have been patched to correct this issue.

See also :

http://www.nessus.org/u?24ed23d5

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 38087 (mandriva_MDVSA-2008-042.nasl)

Bugtraq ID: 27112

CVE ID: CVE-2007-5965

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now