On November 8, Canonical published in a security notice details about a Qt vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 11.10 (Oneiric Ocelot) and Ubuntu 10.04 LTS (Lucid Lynx) operating systems. According to Canonical, Qt applications could be made to expose sensitive information over the network.
Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression.
If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.
For a more detailed description of the security problems, you can visit Canonical's security
notification.
Users can simply fix the security flaws by upgrading the operating systems to the latest libqt4-network, specific to each distribution.
A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
