Bug 630063 (CVE-2010-5076)
| Summary: | CVE-2010-5076 Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | bressers, than |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-20 10:09:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 805433 | | |
| Bug Blocks: | 784298 | | |
Description
Jan Lieskovsky
2010-09-03 15:53:02 UTC
Upstream commit addressing this issue:
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

KDE code re-implements name checking code in KIO::TCPSlaveBase, following KDE commit changes that code to address wp-10-0001 as well as the issue with * wildcard matching more than one host name label (see QTBUG-4455 or bug #520435, comment #2):
http://websvn.kde.org/?view=revision&revision=1173851 (trunk)
http://websvn.kde.org/?view=revision&revision=1173904 (4.4)

(In reply to comment #17)
> Upstream commit addressing this issue:
> http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

This patch has to be applied after:
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
which is a fix for:
http://bugreports.qt.nokia.com/browse/QTBUG-4455
(see bug #520435, comment #2)

This issue has been assigned CVE-2010-5076

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:0880 https://rhn.redhat.com/errata/RHSA-2012-0880.html
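
As an added illustration (not Qt's or KDE's patch and not code from this bug), a conservative Common Name matcher in C++ that rejects the two cases named in this report: a wildcard name matching an IP address, and `*` matching more than one host name label. The function names, the IP-literal heuristic and the rule that a wildcard must be `*.` followed by at least two further labels are assumptions of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// Lower-case copy for case-insensitive DNS name comparison.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Heuristic (assumption): anything containing ':' is treated as IPv6, and a
// name made only of digits and dots is treated as IPv4.
static bool looksLikeIpLiteral(const std::string &host) {
    if (host.find(':') != std::string::npos) return true;
    return !host.empty() &&
           std::all_of(host.begin(), host.end(), [](unsigned char c) {
               return std::isdigit(c) || c == '.';
           });
}

// Hypothetical helper: does the certificate name cover the peer host name?
bool certNameMatches(const std::string &certName, const std::string &peerHost) {
    const std::string pattern = lower(certName);
    const std::string host = lower(peerHost);
    if (pattern.empty() || host.empty()) return false;
    // No wildcard: exact match only (the only way an IP address can match).
    if (pattern.find('*') == std::string::npos) return pattern == host;
    // A wildcard name never matches an IP address.
    if (looksLikeIpLiteral(host)) return false;
    // Accept only "*.<suffix>" where the suffix has at least two labels.
    if (pattern.size() < 3 || pattern.compare(0, 2, "*.") != 0) return false;
    const std::string suffix = pattern.substr(1);  // e.g. ".example.com"
    if (suffix.find('*') != std::string::npos) return false;
    if (std::count(suffix.begin(), suffix.end(), '.') < 2) return false;
    // '*' stands for exactly one non-empty label, never several.
    const std::size_t firstDot = host.find('.');
    if (firstDot == std::string::npos || firstDot == 0) return false;
    return host.compare(firstDot, std::string::npos, suffix) == 0;
}

int main() {  // constructed sample names, not taken from the bug report
    std::printf("%d %d\n", certNameMatches("*.example.com", "www.example.com"),
                certNameMatches("*.168.1.1", "192.168.1.1"));
    return 0;
}
```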