Qt Vulnerability Plugged in Three Ubuntu OSes

Users have been advised to update the operating system as quickly as possible

  Ubuntu 12.04 LTS desktop
On November 8, Canonical published in a security notice details about a Qt vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 11.10 (Oneiric Ocelot) and Ubuntu 10.04 LTS (Lucid Lynx) operating systems.

On November 8, Canonical published in a security notice details about a Qt vulnerability for its Ubuntu 12.10 (Quantal Quetzal), Ubuntu 11.10 (Oneiric Ocelot) and Ubuntu 10.04 LTS (Lucid Lynx) operating systems.

According to Canonical, Qt applications could be made to expose sensitive information over the network.

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression.

If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest libqt4-network, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments