CVE-2012-6093
First published: Fri Jan 04 2013(Updated: )
A security flaw was found in the way QSslSocket implementation of the Qt, a software toolkit for applications development, performed certificate verification callbacks, when Qt libraries were used with different OpenSSL version than the one, they were compiled against. In such scenario, this would result in a connection error, but with the SSL error list to contain QSslError:NoError instead of proper reason of the error. This might result in a confusing error being presented to the end users, possibly encouraging them to ignore the SSL errors for the site the connection was initiated against. References: [1] <a href="http://lists.qt-project.org/pipermail/announce/2013-January/000020.html">http://lists.qt-project.org/pipermail/announce/2013-January/000020.html</a> Relevant upstream patch: [2] <a href="https://codereview.qt-project.org/#change,42461">https://codereview.qt-project.org/#change,42461</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qt Qt | <=4.6.5 | |
| Qt Qt | =4.6.0 | |
| Qt Qt | =4.6.0-rc1 | |
| Qt Qt | =4.6.1 | |
| Qt Qt | =4.6.2 | |
| Qt Qt | =4.6.3 | |
| Qt Qt | =4.6.4 | |
| Qt Qt | =4.7.0 | |
| Qt Qt | =4.7.1 | |
| Qt Qt | =4.7.2 | |
| Qt Qt | =4.7.3 | |
| Qt Qt | =4.7.4 | |
| Qt Qt | =4.7.5 | |
| Qt Qt | =4.7.6-rc | |
| Qt Qt | =4.8.0 | |
| Qt Qt | =4.8.1 | |
| Qt Qt | =4.8.2 | |
| Qt Qt | =4.8.3 | |
| Qt Qt | =4.8.4 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =11.10 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| openSUSE openSUSE | =11.4 | |
| openSUSE openSUSE | =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
- https://codereview.qt-project.org/#change,42461
- http://www.openwall.com/lists/oss-security/2013/01/04/3
- https://admin.fedoraproject.org/updates/qt-4.8.4-4.fc18
- https://admin.fedoraproject.org/updates/qt-4.8.4-4.fc17
- https://admin.fedoraproject.org/updates/qt-4.8.4-4.fc16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=891964
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=891955#c2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=891955#c6
- http://www.openwall.com/lists/oss-security/2013/01/04/6
- https://bugzilla.redhat.com/show_bug.cgi?id=891955
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
- http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
- http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
- http://secunia.com/advisories/52217
- http://www.ubuntu.com/usn/USN-1723-1
- https://codereview.qt-project.org/#change%2C42461
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6093
- vendor/qt
- canonical/qt qt
- version/qt qt/4.6.5
- version/qt qt/4.6.0
- version/qt qt/4.6.0-rc1
- version/qt qt/4.6.1
- version/qt qt/4.6.2
- version/qt qt/4.6.3
- version/qt qt/4.6.4
- version/qt qt/4.7.0
- version/qt qt/4.7.1
- version/qt qt/4.7.2
- version/qt qt/4.7.3
- version/qt qt/4.7.4
- version/qt qt/4.7.5
- version/qt qt/4.7.6-rc
- version/qt qt/4.8.0
- version/qt qt/4.8.1
- version/qt qt/4.8.2
- version/qt qt/4.8.3
- version/qt qt/4.8.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/11.10
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.4
- version/opensuse opensuse/12.2