Release date:
Updated on:
Affected Systems:
Trolltech Qt <= 4.8.4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57162
CVE (CAN) ID: CVE-2012-6093
Qt is a cross-platform application framework.
In Qt 4.8.4 and earlier versions, the QSslSocket: sslErrors () function has a security vulnerability in certificate verification. If an invalid certificate is used in an ssl http connection after successful exploitation, applications developed using qt (such as browsers) do not receive security warnings, which can be used by malicious attackers for phishing attacks.
<* Source: Shane Kearns
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Trolltech
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.trolltech.com/