Mailinglist Archive: opensuse-kde (218 mails)
[opensuse-kde] Fraudulent certificates patch
- From: todd rme <toddrme2178@xxxxxxxxx>
- Date: Tue, 29 Mar 2011 13:32:03 -0400
- Message-id: <AANLkTinBYGpTCrTW=NwZvYsepyvZn5SSe8krupT9q=aL@mail.gmail.com>
You probably already saw this, but I thought I would pass it along just in case:
http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/
Since it is a serious security vulnerability it is probably a good
idea to push it as an openSUSE update.
-Todd
--
To unsubscribe, e-mail: opensuse-kde+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kde+help@xxxxxxxxxxxx
http://labs.qt.nokia.com/2011/03/29/security-advisory-fraudulent-certificates/
A patch has been created for Qt 4.6 and 4.7 that addresses potential threats
caused by fraudulent SSL certificates.
Background:
Recently a group of people managed to get fraudulent SSL certificates signed
by a Certificate Authority (CA).
These certificates potentially enable their owners to pretend to be other
entities on the Web; the attackers can present valid certificates for e.g.
mail.google.com, login.yahoo.com and login.live.com, among others.
The patch below solves this problem by blacklisting those fake certificates
and aborting an SSL handshake with entities that present these certificates.
The patch applies to all 4.6 and 4.7 versions, and should be applied to all Qt
4.6.x and 4.7.x versions; upcoming Qt releases will contain a fix for this
problem.
Since it is a serious security vulnerability it is probably a good
idea to push it as an openSUSE update.
-Todd
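What the advisory's "blacklist, then abort" check amounts to, as an added Python sketch that is not the Qt patch (which this page does not include). It assumes the denylist is keyed on certificate serial number; the function names and the sample bytes are constructed for illustration.

```python
import socket
import ssl

class CertificateDenied(Exception):
    """Peer certificate's serial number is on the denylist."""

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 0 < n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def cert_serial(der):
    """Extract serialNumber from a DER-encoded X.509 certificate."""
    pos = 0
    for name in ("Certificate", "tbsCertificate"):  # both are SEQUENCEs
        tag, pos, _ = _read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError(f"{name} is not a SEQUENCE")
    tag, start, end = _read_tlv(der, pos)
    if tag == 0xA0:  # optional [0] version field precedes the serial
        tag, start, end = _read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[start:end], "big", signed=True)

def enforce_denylist(der, denied_serials):
    # Serials are only unique per issuer; a production list pairs them with it.
    serial = cert_serial(der)
    if serial in denied_serials:
        raise CertificateDenied(f"serial {serial:#x} is denylisted")
    return serial

def check_host(host, denied_serials, port=443):
    """TLS-connect and apply the denylist to the leaf before any data is sent."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port))
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        return enforce_denylist(tls.getpeercert(binary_form=True), denied_serials)

# Constructed stub: only the leading fields of a certificate, serial 0xC0FFEE.
SAMPLE_DER = bytes.fromhex("300d300ba003020102020400c0ffee")
```

The check runs on top of normal chain validation, because a fraudulently issued certificate passes that validation and only the denylist rejects it.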