Sections

Qt patches released fixing potential security flaw

Patches for Qt versions 4.3.0 and newer available for download.

Oslo, 01 September 2009 – Nokia today released a set of patches to Qt addressing a potential vulnerability in the QSslCertificate class parsing of Subject Alternate Names (SAN) of X.509 certificates that contain embedded NUL characters. The security vulnerability affects all Qt releases containing SSL support, namely all releases since Qt 4.3.0, and has been assigned a risk level of "Moderate" on a scale of Low / Moderate / Important / Critical.

Patches for Qt 4.3.x and Qt 4.4 series releases are available for download below. These patches can be used with Qt under the license(s) that originally accompanied the Qt release to which the patch is being applied.

*Can be applied to all Qt 4.3.x series releases with minor whitespace modifications.

Document Actions

Navigation

The Qt Blog: Planning Qt Contributors Summit Apr 25, 2012; Qt SDK 1.2.1 update released Apr 11, 2012; Qt 5 Alpha is here – providing a taste of the future Apr 03, 2012; Qt 4.8.1 libraries for Windows, Mac and Linux/X11 released as stand-alone download Mar 28, 2012; A year of Qt ecosystem growth with Digia nurturing Qt Commercial Mar 23, 2012; More…

Official Nokia site