| Description: | Description:
The remote host is missing an update to libqt4-network
announced via advisory USN-1504-1.
Details:
It was discovered that Qt did not properly handle wildcard domain names or
IP addresses in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-5076)
A heap-based buffer overflow was discovered in the HarfBuzz module. If a
user were tricked into opening a crafted font file in a Qt application,
an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2011-3193)
It was discovered that Qt did not properly handle greyscale TIFF images.
If a Qt application could be made to process a crafted TIFF file, an
attacker could cause a denial of service. (CVE-2011-3194)
Solution:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libqt4-network 4:4.7.2-0ubuntu6.4
libqtgui4 4:4.7.2-0ubuntu6.4
Ubuntu 10.04 LTS:
libqt4-network 4:4.6.2-0ubuntu5.4
libqtgui4 4:4.6.2-0ubuntu5.4
http://www.securityspace.com/smysecure/catid.html?in=USN-1504-1
CVSS Score:
10.0
CVSS Vector:
AV:L/AC:L/Au:NR/C:C/I:C/A:C
|
