Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29045
HistoryFeb 18, 2013 - 12:00 a.m.

[USN-1723-1] Qt vulnerabilities

2013-02-1800:00:00
vulners.com
44
JSON

==========================================================================
Ubuntu Security Notice USN-1723-1
February 14, 2013

qt4-x11 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.10
  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Qt.

Software Description:

  • qt4-x11: Qt 4 libraries

Details:

Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting
requests from http to file schemes. If an attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,
and Ubuntu 12.10. (CVE-2012-5624)

Stephen Cheng discovered that Qt may report incorrect errors when ssl
certificate verification fails. (CVE-2012-6093)

Tim Brown and Mark Lowe discovered that Qt incorrectly used weak
permissions on shared memory segments. A local attacker could use this
issue to view sensitive information, or modify program data belonging to
other users. (CVE-2013-0254)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libqt4-core 4:4.8.3+dfsg-0ubuntu3.1
libqt4-network 4:4.8.3+dfsg-0ubuntu3.1

Ubuntu 12.04 LTS:
libqt4-core 4:4.8.1-0ubuntu4.4
libqt4-network 4:4.8.1-0ubuntu4.4

Ubuntu 11.10:
libqt4-core 4:4.7.4-0ubuntu8.3
libqt4-network 4:4.7.4-0ubuntu8.3

Ubuntu 10.04 LTS:
libqt4-core 4:4.6.2-0ubuntu5.6
libqt4-network 4:4.6.2-0ubuntu5.6

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1723-1
CVE-2012-5624, CVE-2012-6093, CVE-2013-0254

Package Information:
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.1
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.4
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.4-0ubuntu8.3
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubuntu5.6

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

securityvulns 1
nessus 23
openvas 22
ubuntu 1
fedora 8
prion 3
cve 3
ubuntucve 3
debiancve 3
veracode 1
oraclelinux 1
centos 1
redhat 1
gentoo 1
debian 1
osv 1
securityvulns
securityvulns
Qt multiple security vulnerabilities
2013-02-18 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qt4-x11 vulnerabilities (USN-1723-1)
2013-02-15 00:00:00
SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)
2013-03-15 00:00:00
SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)
2013-03-15 00:00:00
openvas
openvas
Ubuntu Update for qt4-x11 USN-1723-1
2013-02-15 00:00:00
Ubuntu Update for qt4-x11 USN-1723-1
2013-02-15 00:00:00
Fedora Update for qt FEDORA-2013-0277
2013-01-15 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2013-02-14 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: qt-4.8.4-6.fc18
2013-01-23 01:40:30
[SECURITY] Fedora 17 Update: qt-4.8.4-6.fc17
2013-01-12 15:08:52
[SECURITY] Fedora 17 Update: qt-4.8.4-1.fc17
2012-12-13 06:01:36
prion
prion
Design/Logic Flaw
2013-02-24 19:55:00
Design/Logic Flaw
2013-02-24 19:55:00
Design/Logic Flaw
2013-02-06 12:05:00
cve
cve
CVE-2012-6093
2013-02-24 19:55:00
CVE-2012-5624
2013-02-24 19:55:00
CVE-2013-0254
2013-02-06 12:05:00
ubuntucve
ubuntucve
CVE-2012-6093
2012-12-31 00:00:00
CVE-2012-5624
2012-12-05 00:00:00
CVE-2013-0254
2013-02-06 00:00:00
debiancve
debiancve
CVE-2012-6093
2013-02-24 19:55:00
CVE-2012-5624
2013-02-24 19:55:00
CVE-2013-0254
2013-02-06 12:05:00
veracode
veracode
Information Disclosure
2019-01-15 09:01:02
oraclelinux
oraclelinux
qt security update
2013-03-21 00:00:00
centos
centos
phonon, qt security update
2013-03-21 22:39:15
redhat
redhat
(RHSA-2013:0669) Moderate: qt security update
2013-03-21 00:00:00
gentoo
gentoo
QtCore, QtGui: Multiple vulnerabilities
2013-11-22 00:00:00
debian
debian
[SECURITY] [DLA 210-1] qt4-x11 security update
2015-04-30 11:59:25
osv
osv
qt4-x11 - security update
2015-04-30 00:00:00
JSON
Related for SECURITYVULNS:DOC:29045
securityvulns1nessus23openvas22ubuntu1fedora8prion3cve3ubuntucve3debiancve3veracode1oraclelinux1centos1redhat1gentoo1debian1osv1