-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                ESB-2008.0195 -- [Win][UNIX/Linux][Ubuntu]
                             Qt vulnerability
                             22 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              libqt4-core
Publisher:            Ubuntu
Operating System:     Ubuntu
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Provide Misleading Information
                      Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5965

Original Bulletin:    http://www.ubuntu.com/usn/usn-579-1

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Ubuntu. It is recommended that administrators
         running qt check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

=========================================================== 
Ubuntu Security Notice USN-579-1          February 20, 2008
qt4-x11 vulnerability
CVE-2007-5965
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libqt4-core                     4.3.2-0ubuntu3.2

After a standard system upgrade you need to restart applications
linked against Qt to effect the necessary changes.
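
As an added example (not part of the Ubuntu or AusCERT text), the shell functions below check the two conditions above: that libqt4-core is at the fixed version, and which running processes still map a pre-upgrade Qt 4 library and therefore need a restart. The function names and the sample maps lines are constructed for illustration; the script assumes dpkg and a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example: post-upgrade checks for USN-579-1 (not from the advisory).
FIXED_VERSION='4.3.2-0ubuntu3.2'   # fixed libqt4-core version, per the advisory

# Succeeds when the installed libqt4-core is at or above the fixed version.
# Returns 2 when the package (or dpkg itself) is not present.
qt_package_fixed() {
    installed=$(dpkg-query -W -f='${Version}' libqt4-core 2>/dev/null) || return 2
    [ -n "$installed" ] || return 2
    dpkg --compare-versions "$installed" ge "$FIXED_VERSION"
}

# Reads /proc/<pid>/maps text on stdin and prints each Qt 4 shared library
# that is still mapped although its file was replaced on disk; the kernel
# marks such mappings with a trailing "(deleted)".
stale_qt_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/libQt[A-Za-z0-9]*\.so\.4/ {
             print $(NF-1) }' | sort -u
}

# Prints "pid command" for every running process that needs a restart.
processes_needing_restart() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if [ -n "$(stale_qt_libs 2>/dev/null < "$maps")" ]; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed sample of maps lines (addresses and inodes are made up).
SAMPLE_MAPS='b7a10000-b7a9c000 r-xp 00000000 08:01 131090 /usr/lib/libQtNetwork.so.4.3.2 (deleted)
b7a9c000-b7a9f000 rw-p 0008b000 08:01 131090 /usr/lib/libQtNetwork.so.4.3.2 (deleted)
b7b00000-b7cd0000 r-xp 00000000 08:01 131077 /usr/lib/libQtCore.so.4.3.2 (deleted)
b7d00000-b7e3f000 r-xp 00000000 08:01 130822 /lib/tls/i686/cmov/libc-2.6.1.so
b7f00000-b7f10000 rw-p 00000000 00:00 0 [heap]'

# Run the live checks only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    qt_package_fixed && echo "libqt4-core is fixed" || echo "libqt4-core NOT fixed"
    processes_needing_restart
fi
```

Run it as root to see the mappings of processes owned by other users; an unprivileged run only reports the caller's own processes.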

Details follow:

It was discovered that QSslSocket did not properly verify SSL
certificates. A remote attacker may be able to trick applications
using QSslSocket into accepting invalid SSL certificates.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2-0ubuntu3.2.diff.gz
      Size/MD5:    50784 34e258b7ef8ddb98baff43b8addda445
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2-0ubuntu3.2.dsc
      Size/MD5:     1605 13abaddb49b3db3c5c30e9f9f04de057
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.3.2.orig.tar.gz
      Size/MD5: 43462686 a60490b36099bdd10c4d2f55430075b3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.3.2-0ubuntu3.2_all.deb
      Size/MD5: 25346480 99cd0e2b1094ed55284db1d58605d079

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  1943082 b4e65e7adebc86ba9b6cc871a60bbd0e
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5: 81469132 14a6f12efd943643de8dad9c0e34f339
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  4803626 e72bbf5adf05487893c14820191aa485
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  5395948 c66f7f37b88c2f153bd2fde0f5f949a8
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  1140384 4f2364042868f3c780e26fd80b40919a
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:   154934 8fa24a2d0efe9bd826d20e79e26de0de
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:  1295424 435d9d6947a1becd34602c9b68a48176
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:   769864 652ecbdfe495cc23e4cf160cca21d36d
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_4.3.2-0ubuntu3.2_amd64.deb
      Size/MD5:    99416 8868ca06f4ee62152de3cc4b9b426b80

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  1768524 131d6c2c0551f2398fce9ff082b37ef2
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5: 81026292 8ebfec68d6e0955a3e0a5e1e476a5b55
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  4437758 222c08edb1bfc0785ed467a5e5ce83a8
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  4887460 434b7dbebf234ff398e0fe33e8fcc486
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  1021026 db8cb6acd0537582fc6ff4012e359555
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:   138812 4492b7b101fbf43cd914a7085c8c5481
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:  1249678 1e65a2dcc55131b96f793b69a56eeb08
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:   699468 9f2a65ffc4dac8f019bcdadba7571d9c
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_4.3.2-0ubuntu3.2_i386.deb
      Size/MD5:    93364 db90b49be856de532888e68d3bbe402b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  1861838 4ad11d44b4208bb7a5a2519a02de72fc
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5: 82142134 aa5b06c09de5c25944ad9b98f5dcb676
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  4567070 25ffc9fc0c49e5d7530559489a2d35c0
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  5197272 6a3d9fb41efa29c7f8b9704d06a5f3dc
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  1080292 189dafc8eadebe3d9805baf6d89b6fa7
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:   148286 06074830da4f808d783fbbbb74790fab
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:  1301788 ce0c43cbc94828802e56fbe5ac2b7915
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:   736666 89d70c039b28804dc839c59bca89391e
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_4.3.2-0ubuntu3.2_powerpc.deb
      Size/MD5:    99296 5d0f324237c2917dfedd321e9609d91f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  1995356 dd817644c167ae96d89cf18a6cbb6ce0
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-debug_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5: 81693916 71f54e309969dad838e11744967e8456
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  4901052 fe9616d0a0e887c755c9a1e377b67369
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  5446702 dcb34afd768d848994abb5a957c1fab9
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  1095232 c1f10a9b14875556be4e58a8a4929920
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:   149300 9a1f86ef66138ebc1e795b3e861599af
    http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:  1307846 98d9129d15fb7c2869c12e5e5350f442
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-dev-tools_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:   749918 7d01faab0bcc71e048d05f4084f6200c
    http://security.ubuntu.com/ubuntu/pool/universe/q/qt4-x11/qt4-qtconfig_4.3.2-0ubuntu3.2_sparc.deb
      Size/MD5:    97246 018bdbaf72fba8492ab75360da84face

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR75Dvih9+71yA2DNAQIwOgQAjNJ1LoUmeLCBuDkK/tPuixoEzd+DBisf
nuS3gMm1WGX+U4gC1Rl9c+amMX6dgYNjEta9HTW6eVYxzuA69JvkewiX5kcC/PHw
ynHfjO5v15vIp7LEEqhOmigv1CYXnp3qXbdzM0adTK9ycucpcHSL/bJydp+cwnyq
qOkQFJEepmE=
=0dBy
-----END PGP SIGNATURE-----