
Fedora: 2009-9427 Moderate: Ksocial Certificate Validation Issue

September 15, 2009
The KDE 4.3.1 release enhances stability and security within Fedora, addressing significant KSSL vulnerabilities related to certificate verification errors.

Summary

The kdemultimedia package contains multimedia applications, including:

* dragonplayer (a simple video player)

* juk (a music manager and player)

* kmix (an audio mixer)

* kscd (an Audio-CD player)

Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are:

* KDE 4.3 is now also available in Croatian.
* A crash when editing toolbar setup has been fixed.
* Support for transferring files through SSH using KIO::Fish has been fixed.
* A number of bugs in KWin, KDE's window and compositing manager, have been fixed.
* A large number of bugs in KMail, KDE's email client, are now gone.

See https://kde.org/announcements/announce-4.3.1/ for more information.

In addition, this update:

* fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case,
* splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).

Change Log

* Fri Aug 28 2009 Than Ngo - 4.3.1-1
- 4.3.1
* Thu Jul 30 2009 Than Ngo - 4.3.0-1
- 4.3.0
* Fri Jul 24 2009 Fedora Release Engineering - 6:4.2.98-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jul 22 2009 Than Ngo - 4.2.98-1
- 4.3rc3
* Sat Jul 11 2009 Than Ngo - 4.2.96-1
- 4.3rc2
* Fri Jun 26 2009 Than Ngo - 4.2.95-1
- 4.3rc1
* Fri Jun 5 2009 Than Ngo - 4.2.90-2
- fix build issue without xine-lib
* Thu Jun 4 2009 Rex Dieter - 4.2.90-1
- KDE-4.3 beta2 (4.2.90)
* Mon May 18 2009 Kevin Kofler - 4.2.85-2
- Disable BR pulseaudio-libs-devel, KMix PA integration does not work yet.
* Wed May 13 2009 Lukáš Tinkl - 4.2.85-1
- KDE 4.3 beta 1
* Wed Apr 1 2009 Rex Dieter - 4.2.2-2
- optimize scriptlets
* Tue Mar 31 2009 Lukáš Tinkl - 4.2.2-1
- KDE 4.2.2
* Fri Feb 27 2009 Than Ngo - 4.2.1-1
- 4.2.1
* Sun Feb 22 2009 Tejas Dinkar - 4.2.0-3
- fix kde#165249 No sound after second video file in Dragon Player (from 4.2.1)
* Sat Jan 31 2009 Rex Dieter - 4.2.0-2
- unowned dirs (#483516)
* Thu Jan 22 2009 Than Ngo - 4.2.0-1
- 4.2.0
* Wed Jan 7 2009 Than Ngo - 4.1.96-1
- 4.2rc1
* Sat Dec 13 2008 Kevin Kofler 4.1.85-2
- restore BR libtunepimp-devel libmusicbrainz-devel for now, needed by Kscd
* Fri Dec 12 2008 Than Ngo 4.1.85-1
- 4.2beta2
* Fri Nov 28 2008 Lorenzo Villani - 6:4.1.80-3
- dragon documentation disappeared (at least with my mock build), update file lists
- add kioslave documentation to file lists
* Thu Nov 20 2008 Rex Dieter 4.1.80-3
- -devel: drop Req: kdebase-workspace-devel
* Thu Nov 20 2008 Than Ngo 4.1.80-2
- merged
* Thu Nov 20 2008 Lorenzo Villani - 6:4.1.80-1
- 4.1.80
- BR cmake >= 2.6.2
- make install/fast
* Wed Nov 12 2008 Than Ngo 4.1.3-1
- 4.1.3

References


[ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=520661
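
The bug title above points at a NUL byte inside a subjectAltName entry. As an added illustration of that bug class (not KSSL's, Qt's or Fedora's code; the struct, function names and sample names are hypothetical), the C example below contrasts a C-string comparison, which stops at the first NUL, with a length-aware check that rejects such entries.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A dNSName entry as decoded from a certificate: bytes plus explicit length.
 * ASN.1 strings are length-prefixed, so they can legally contain 0x00. */
struct san_entry {
    const char *data;
    size_t len;
};

/* Flawed pattern: treats the entry as a C string, so the comparison stops
 * at the first NUL and never sees the bytes that follow it. */
int match_naive(const struct san_entry *san, const char *host)
{
    return strcasecmp(san->data, host) == 0;
}

/* Hardened pattern: reject entries with an embedded NUL, then compare over
 * the full decoded length. Wildcard matching is out of scope here. */
int match_strict(const struct san_entry *san, const char *host)
{
    size_t hlen = strlen(host);

    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return 0;
    if (san->len != hlen)
        return 0;
    return strncasecmp(san->data, host, hlen) == 0;
}

/* Constructed sample data using reserved example domains. */
static const char CRAFTED[] = "www.example.com\0.other.example.net";
static const char CLEAN[] = "www.example.com";
const struct san_entry san_crafted = { CRAFTED, sizeof(CRAFTED) - 1 };
const struct san_entry san_clean = { CLEAN, sizeof(CLEAN) - 1 };

int main(void)
{
    const char *host = "www.example.com";

    printf("naive,  crafted SAN: %d\n", match_naive(&san_crafted, host));
    printf("strict, crafted SAN: %d\n", match_strict(&san_crafted, host));
    printf("strict, clean SAN:   %d\n", match_strict(&san_clean, host));
    return 0;
}
```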

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdemultimedia' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: kdemultimedia
Product: Fedora 10
Version: 4.3.1
Release: 1.fc10
Summary: K Desktop Environment - Multimedia applications
