CVE-2012-5624

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-5624 at MITRE

Description

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

SUSE information

SUSE Bugzilla entry: 793194

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Evergreen 11.4
  • libQtWebKit-devel >= 4.7.1-8.63.1
  • libQtWebKit4 >= 4.7.1-8.63.1
  • libQtWebKit4-32bit >= 4.7.1-8.63.1
  • libQtWebKit4-debuginfo >= 4.7.1-8.63.1
  • libQtWebKit4-debuginfo-32bit >= 4.7.1-8.63.1
  • libQtWebKit4-debuginfo-x86 >= 4.7.1-8.63.1
  • libQtWebKit4-x86 >= 4.7.1-8.63.1
  • libqt4 >= 4.7.1-8.63.1
  • libqt4-32bit >= 4.7.1-8.63.1
  • libqt4-debuginfo >= 4.7.1-8.63.1
  • libqt4-debuginfo-32bit >= 4.7.1-8.63.1
  • libqt4-debuginfo-x86 >= 4.7.1-8.63.1
  • libqt4-debugsource >= 4.7.1-8.63.1
  • libqt4-devel >= 4.7.1-8.63.1
  • libqt4-devel-debuginfo >= 4.7.1-8.63.1
  • libqt4-qt3support >= 4.7.1-8.63.1
  • libqt4-qt3support-32bit >= 4.7.1-8.63.1
  • libqt4-qt3support-debuginfo >= 4.7.1-8.63.1
  • libqt4-qt3support-debuginfo-32bit >= 4.7.1-8.63.1
  • libqt4-qt3support-debuginfo-x86 >= 4.7.1-8.63.1
  • libqt4-qt3support-x86 >= 4.7.1-8.63.1
  • libqt4-sql >= 4.7.1-8.63.1
  • libqt4-sql-32bit >= 4.7.1-8.63.1
  • libqt4-sql-debuginfo >= 4.7.1-8.63.1
  • libqt4-sql-debuginfo-32bit >= 4.7.1-8.63.1
  • libqt4-sql-debuginfo-x86 >= 4.7.1-8.63.1
  • libqt4-sql-sqlite >= 4.7.1-8.63.1
  • libqt4-sql-sqlite-32bit >= 4.7.1-8.63.1
  • libqt4-sql-sqlite-debuginfo >= 4.7.1-8.63.1
  • libqt4-sql-sqlite-debuginfo-32bit >= 4.7.1-8.63.1
  • libqt4-sql-sqlite-debuginfo-x86 >= 4.7.1-8.63.1
  • libqt4-sql-sqlite-x86 >= 4.7.1-8.63.1
  • libqt4-sql-x86 >= 4.7.1-8.63.1
  • libqt4-x11 >= 4.7.1-8.63.1
  • libqt4-x11-32bit >= 4.7.1-8.63.1
  • libqt4-x11-debuginfo >= 4.7.1-8.63.1
  • libqt4-x11-debuginfo-32bit >= 4.7.1-8.63.1
  • libqt4-x11-debuginfo-x86 >= 4.7.1-8.63.1
  • libqt4-x11-x86 >= 4.7.1-8.63.1
  • libqt4-x86 >= 4.7.1-8.63.1
Patchnames:
2013-6