[USN-1197-6] Qt vulnerability
Posted on 22 September 2011
==========================================================================
Ubuntu Security Notice USN-1197-6
September 22, 2011
qt4-x11 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
A certificate authority mis-issued fraudulent certificates.
Software Description:
- qt4-x11: Qt 4 libraries and support modules
Details:
USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner
pertaining to the Dutch Certificate Authority DigiNotar mis-issuing
fraudulent certificates. This update makes the corresponding change for Qt,
blacklisting the known fraudulent certificates.
Original advisory details:
USN-1197-1
It was discovered that Dutch Certificate Authority DigiNotar had
mis-issued multiple fraudulent certificates. These certificates could allow
an attacker to perform a "man in the middle" (MITM) attack which would make
the user believe their connection is secure, but is actually being
monitored.

For the protection of its users, Mozilla has removed the DigiNotar
certificate. Sites using certificates issued by DigiNotar will need to seek
another certificate vendor.

We are currently aware of a regression that blocks one of two Staat der
Nederlanden root certificates which are believed to still be secure. This
regression is being tracked at https://launchpad.net/bugs/838322.
USN-1197-3
USN-1197-1 partially addressed an issue with Dutch Certificate Authority
DigiNotar mis-issuing fraudulent certificates. This update actively
distrusts the DigiNotar root certificate as well as several intermediary
certificates. Also included in this list of distrusted certificates are the
"PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that
did not chain to DigiNotar's root and were not previously blocked.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libqt4-network 4:4.7.2-0ubuntu6.3
Ubuntu 10.10:
libqt4-network 4:4.7.0-0ubuntu4.4
Ubuntu 10.04 LTS:
libqt4-network 4:4.6.2-0ubuntu5.3
After a standard system upgrade you need to restart your session to effect
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1197-6
http://www.ubuntu.com/usn/usn-1197-1
http://www.ubuntu.com/usn/usn-1197-3, https://launchpad.net/bugs/837557
Package Information:
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.2-0ubuntu6.3
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.7.0-0ubuntu4.4
https://launchpad.net/ubuntu/+source/qt4-x11/4:4.6.2-0ubuntu5.3