Two vulnerabilities were discovered in kdelibs:
- CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not
remove authentication credentials from URLs of the
"user:password@host" form in the HTTP-Referer header, which could
allow remote web sites to steal the credentials for pages that link
to the sites.
- CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier do not
validate the Common Name (CN) field for X.509 Certificates, which
could allow remote attackers to spoof certificates via a
man-in-the-middle attack.
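CAN-2003-0459 comes down to a missing step: removing the "user:password@" part of a URL before it is sent as a Referer. The following is an added example, not code from KDE or Debian: it shows that step (also dropping the fragment, which is never sent in a Referer) and a check that server operators can run over combined-format access logs to find Referer values that arrived with credentials. The function names, hosts, addresses and credentials are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

def referer_for(page_url):
    """Referer value for page_url without userinfo or fragment; None if not HTTP(S)."""
    parts = urlsplit(page_url)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    # Userinfo is everything before the last '@' in the authority component.
    host_port = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, host_port, parts.path or "/", parts.query, ""))

# In combined log format the Referer is the quoted field after status and size.
_REFERER_FIELD = re.compile(r'" \d{3} \S+ "([^"]*)"')

def leaked_referers(log_lines):
    """Return [(line_number, host)] for lines whose Referer carries userinfo.
    Only the host is reported so credentials are not copied into the findings."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = _REFERER_FIELD.search(line)
        if match is None:
            continue
        try:
            netloc = urlsplit(match.group(1)).netloc
        except ValueError:  # malformed, client-supplied Referer
            continue
        if "@" in netloc:
            hits.append((number, netloc.rpartition("@")[2]))
    return hits

# Constructed sample lines (hypothetical hosts, addresses and credentials).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2003:10:00:00 +0000] "GET /a.png HTTP/1.1" 200 512 '
    '"http://alice:s3cret@intranet.example/r.html" "Konqueror"',
    '192.0.2.11 - - [01/Aug/2003:10:00:05 +0000] "GET / HTTP/1.1" 200 1024 '
    '"http://www.example.org/links.html?mail=a@b.example" "Mozilla"',
    '192.0.2.12 - - [01/Aug/2003:10:00:09 +0000] "GET /b HTTP/1.1" 304 - "-" "Mozilla"',
]

if __name__ == "__main__":
    print(referer_for("http://alice:s3cret@intranet.example/r.html#top"))
    for number, host in leaked_referers(SAMPLE_LOG):
        print(f"line {number}: Referer from {host} included credentials")
```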
These vulnerabilities are described in the following security
advisories from KDE:
kde
kde
For the current stable distribution (woody) these problems have been
fixed in version 2.2.2-6woody2.
For the unstable distribution (sid) these problems have been fixed in
kdelibs version 4:3.1.3-1.
We recommend that you update your kdelibs-crypto package.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will in...