Lucene search

K
ubuntuUbuntuUSN-1628-1
HistoryNov 08, 2012 - 12:00 a.m.

Qt vulnerability

2012-11-0800:00:00
ubuntu.com
84

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

Low

EPSS

0.002

Percentile

61.5%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04

Packages

  • qt4-x11 - Qt 4 libraries

Details

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer
Security (TLS) protocol when it is used with data compression. If an
attacker were able to perform a machine-in-the-middle attack, this flaw
could be exploited to view sensitive information. This update disables
TLS data compression in Qt by default.

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

Low

EPSS

0.002

Percentile

61.5%