Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora: 2009-9427 Moderate: kdebindings KSSL Certificate Validation Issue

fedora
Calendar Grey September 15, 2009
Dist Fedora Esm H88
The KDE 4.3.1 release enhances multilingual capabilities and resolves instability issues on Fedora systems, addressing a possible KSSL vulnerability.
This updates KDE to 4.3.1, the latest upstream bugfix release

Summary

KDE bindings to non-C++ languages

Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are: * KDE 4.3 is now also available in Croatian. * A crash when editing toolbar setup has been fixed. * Support for transferring files through SSH using KIO::Fish has been fixed. * A number of bugs in KWin, KDE's window and compositing manager has been fixed. * A large number of bugs in KMail, KDE's email client are now gone. See https://kde.org/announcements/announce-4.3.1/ for more information. In addition, this update: * fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case, * splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).

Topics%20covered

Topics Covered

security advisory Fedora moderate threat KDE certificate validation KSSL potential issue

Change Log

* Thu Sep 3 2009 Kevin Kofler - 4.3.1-3 - also disable polkit-qt on EL6+ - also remove polkit-qt sip files and examples on F12+/EL6+ * Thu Sep 3 2009 Kevin Kofler - 4.3.1-2 - only (temporarily) disable Falcon on F12+ - drop bindings for polkit-qt on F12+ (PolicyKit 0.9 is going away) - remove unused (commented out) patch * Fri Aug 28 2009 Than Ngo - 4.3.1-1 - 4.3.1 - temporarily disable Falcon bindings (build fails with Falcon 0.9.x) * Mon Aug 17 2009 Rex Dieter - 4.3.0-5 - re-enable php bindings (rawhide) * Tue Aug 11 2009 Rex Dieter - 4.3.0-4.1 - BR: qscintilla-devel >= 2.4 * Sun Aug 9 2009 Rex Dieter - 4.3.0-4 - manually specify PYTHON_LIBRARIES (and friends) (#516386) * Mon Aug 3 2009 Than Ngo - 4.3.0-3 - respin * Sat Aug 1 2009 Rex Dieter 4.3.0-2 - workaround pykdeuic4 upgrade brokenness (introduced in 4.2.98) * Thu Jul 30 2009 Than Ngo - 4.3.0-1 - 4.3.0 - more pykdeuic4 and related multilib love (kdebug#198162) * Fri Jul 24 2009 Fedora Release Engineering - 4.2.98-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Than Ngo - 4.2.98-1 - 4.3rc3 * Mon Jul 20 2009 Than Ngo - 4.2.96-5 - add correct check for php version * Mon Jul 20 2009 Than Ngo - 4.2.96-4 - allow for build php-5.2.x * Mon Jul 20 2009 Than Ngo - 4.2.96-3 - fix build issue with php-5.3.x * Thu Jul 16 2009 Rex Dieter - 4.2.96-2 - fix pykdeuic4-related install bits (kdebug#198162) - pyqt4_version 4.5.2 - License: LGPLv2+ * Fri Jul 10 2009 Than Ngo - 4.2.96-1 - 4.3rc2 * Fri Jun 26 2009 Than Ngo - 4.2.95-1 - 4.3rc1 * Mon Jun 22 2009 Kevin Kofler - 4.2.90-3 - make the Python plugin factory work without python-devel * Wed Jun 17 2009 Rex Dieter - 4.2.90-2 - rework old-PyQt4 patch * Wed Jun 3 2009 Rex Dieter - 4.2.90-1 - KDE-4.3 beta2 (4.2.90) * Thu May 21 2009 Rex Dieter - 4.2.85-2 - respin against PyQt-4.5 * Wed May 20 2009 Than Ngo - 4.2.85-1 - 4.2.85 (4.3 beta1) - build fixes backported from trunk by Nicolas Lécureuil - revert change which requires PyQt4 4.5 (Kevin Kofler) - fix build issue with gcc-4.4 * Tue Apr 21 2009 Kevin Kofler - 4.2.2-5 - F11+: enable csharp on ppc64 * Wed Apr 15 2009 Kevin Kofler - 4.2.2-4 - reenable csharp on ppc * Wed Apr 8 2009 Rex Dieter - 4.2.2-3 - enable csharp only on archs supported by mono (ie, drop ppc) * Wed Apr 1 2009 Rex Dieter - 4.2.2-2 - relax dep on kdepimlibs-akonadi * Tue Mar 31 2009 Lukáš Tinkl - 4.2.2-1 - KDE 4.2.2 * Sat Mar 28 2009 Ben Boeckel - 4.2.1-8 - Only install the .pc file if building csharp/qyoto support * Sat Mar 28 2009 Ben Boeckel - 4.2.1-7 - Fix install line * Sat Mar 28 2009 Ben Boeckel - 4.2.1-6 - Create pkgconfig directory * Sat Mar 28 2009 Ben Boeckel - 4.2.1-5 - Ship qyoto.pc file as well - Add dependency on mono-devel from qyoto-devel * Fri Mar 20 2009 Ben Boeckel - 4.2.1-4 - Don't enable csharp on ppc64 * Fri Mar 20 2009 Ben Boeckel - 4.2.1-3 - Clean up conditionals - Enable PHP and C# bindings * Wed Mar 18 2009 Rex Dieter - 4.2.1-2 - fix typos in Provides: kross(python) * Fri Feb 27 2009 Than Ngo - 4.2.1-1 - 4.2.1 * Wed Feb 25 2009 Than Ngo - 4.2.0-7 - fix build issue again qt-4.5 * Wed Feb 25 2009 Fedora Release Engineering - 4.2.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Feb 20 2009 Rex Dieter - 4.2.0-5 - enable PyKDE4-akonadi subpkg * Mon Feb 16 2009 Rex Dieter - 4.2.0-4 - include toggle for PyKDE4-akonadi subpkg (not enabled) - PyKDE4: move examples to -devel pkg - PyKDE4: make dep on PyQt4 versioned - PyKDE4: Provides: -akonadi, Requires: kdepimlibs-akonadi - PyKDE4(-devel): adjust description/summary * Mon Feb 9 2009 Ben Boeckel - 4.2.0-3 - Enabled Falcon for Kross (min version met) * Sat Jan 24 2009 Ben Boeckel - 4.2.0-2 - Removed Ruby examples; killed upstream * Thu Jan 22 2009 Than Ngo - 4.2.0-1 - 4.2.0 * Thu Jan 15 2009 Rex Dieter 4.1.96-5 - toggle for QtRuby/kde-plasma-ruby bootstrap * Thu Jan 15 2009 Rex Dieter 4.1.96-4 - update %description/%summaries for new (sub)pkgs - use versioned Provides/Requires all over - BR: akonadi-devel kdegraphics-devel - don't package kde-plasma-ruby-* (cmake error "rbuic4 not found") * Thu Jan 15 2009 Ben Boeckel 4.1.96-3 - Fixed QtRuby version - Moved QtRuby tools to QtRuby-devel * Wed Jan 14 2009 Ben Boeckel 4.1.96-2 - Split out Ruby bindings and Kross modules * Wed Jan 7 2009 Than Ngo - 4.1.96-1 - 4.2rc1 * Fri Dec 12 2008 Kevin Kofler 4.1.85-2 - reenable smoke, ruby - disable NepomukSmoke for now: it wasn't actually used (the corresponding Ruby binding is disabled by default and we don't build the C# bindings) and it depends on nepomukquery libs from kdebase (which also means we need to sort out the -devel symlink mess there first) * Fri Dec 12 2008 Than Ngo 4.1.85-1 - 4.2beta2 * Mon Dec 1 2008 Kevin Kofler 4.1.80-5 - rebuild for Python 2.6 * Mon Dec 1 2008 Kevin Kofler 4.1.80-4 - don't require kdebase-workspace(-devel) * Thu Nov 27 2008 Kevin Kofler 4.1.80-3 - BR plasma-devel instead of kdebase-workspace-devel - disable smoke,ruby (for now, busted) * Thu Nov 20 2008 Than Ngo 4.1.80-2 - merged * Thu Nov 20 2008 Lorenzo Villani - 4.1.80-1 - 4.1.80 - BR cmake >= 2.6.2 - make install/fast * Mon Nov 17 2008 Rex Dieter 4.1.2-2.1 - respin (qscintilla) * Wed Nov 12 2008 Than Ngo 4.1.3-1 - 4.1.3

References


[ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=520661

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdebindings' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: kdebindings
Product: Fedora 10
Version: 4.3.1
Release: 3.fc10
URL: Summary : KDE bindings to non-C++ languages

Topics%20covered

Topics Covered

security advisory Fedora moderate threat KDE certificate validation KSSL potential issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here