Fedora: 2009-9427 Critical: KDEPIM KSSL Certificate Validation Issue

September 15, 2009
KDE 4.3.1 release addresses various bugs, enhances security, notably a possible KSSL vulnerability. Explore the Fedora 10 upgrades within.

Summary

Personal Information Management (PIM) libraries for the K Desktop Environment 4.

Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are:

* KDE 4.3 is now also available in Croatian.
* A crash when editing toolbar setup has been fixed.
* Support for transferring files through SSH using KIO::Fish has been fixed.
* A number of bugs in KWin, KDE's window and compositing manager, have been fixed.
* A large number of bugs in KMail, KDE's email client, are now gone.

See https://kde.org/announcements/announce-4.3.1/ for more information.

In addition, this update:

* fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case,
* splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).

Change Log

* Fri Aug 28 2009 Than Ngo - 4.3.1-1
- 4.3.1
* Tue Aug 4 2009 Rex Dieter - 4.3.0-2
- akonadi_version 1.2.0
* Thu Jul 30 2009 Than Ngo - 4.3.0-1
- 4.3.0
* Wed Jul 29 2009 Rex Dieter - 4.2.98-3
- Conflicts: kdepim < 4.2.90
* Fri Jul 24 2009 Fedora Release Engineering - 4.2.98-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jul 22 2009 Than Ngo - 4.2.98-1
- 4.3rc3
* Thu Jul 16 2009 Rex Dieter - 4.2.96-2
- License: LGPLv2+
* Sat Jul 11 2009 Than Ngo - 4.2.96-1
- 4.3rc2
* Thu Jul 2 2009 Rex Dieter - 4.2.95-3
- akonadi_version 1.1.95
* Mon Jun 29 2009 Than Ngo - 4.2.95-2
- respin
* Thu Jun 25 2009 Than Ngo - 4.2.95-1
- 4.3 RC1
* Wed Jun 3 2009 Rex Dieter 4.2.90-1
- KDE-4.3 beta2 (4.2.90)
* Sun May 24 2009 Rex Dieter 4.2.85-2
- (min) akonadi_version 1.1.85
* Mon May 11 2009 Than Ngo 4.2.85-1
- 4.2.85
* Mon Apr 6 2009 Kevin Kofler - 4.2.2-3
- fix libkcal devel symlink hack
* Thu Apr 2 2009 Rex Dieter - 4.2.2-2
- -apidocs noarch (f10+)
- package %_kde4_appsdir/akonadi-kde only once
* Tue Mar 31 2009 Lukáš Tinkl - 4.2.2-1
- KDE 4.2.2
* Mon Mar 9 2009 Kevin Kofler - 4.2.1-4
- disable CMake debugging, #475876 should be fixed now
* Tue Mar 3 2009 Rex Dieter - 4.2.1-2
- avoid libkcal conflict with kdepim3
* Fri Feb 27 2009 Than Ngo - 4.2.1-1
- 4.2.1
* Wed Feb 25 2009 Fedora Release Engineering - 4.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 18 2009 Than Ngo - 4.2.0-4
- enable akonadi subpkg
* Mon Feb 16 2009 Rex Dieter - 4.2.0-3
- include toggle for -akonadi subpkg (not enabled)
- Provides: -akonadi
* Mon Feb 16 2009 Rex Dieter - 4.2.0-2
- multilib conflicts (#485659)
- kde4/devel symlinks: blacklist only known conflicts
* Thu Jan 22 2009 Than Ngo - 4.2.0-1
- 4.2.0
- exclude kdepimlibs-apidocs from main pkg
* Thu Jan 8 2009 Lorenzo Villani - 4.1.96-2
- fix build on Fedora 10 (cmake < 2.6.3 seems to have a different behaviour here)
* Wed Jan 7 2009 Than Ngo - 4.1.96-1
- 4.2rc1
* Wed Dec 17 2008 Rex Dieter - 4.1.85-2
- versioned akonadi(-devel) deps
* Thu Dec 11 2008 Lorenzo Villani - 4.1.85-1
- KDE 4.2beta2
* Wed Dec 10 2008 Lorenzo Villani - 4.1.82-2
- add --debug-output to our cmake call, that should fix a reproducible bug with cmake and ppc builds (this work-around should be removed anyway)
* Tue Dec 9 2008 Lorenzo Villani - 4.1.82-1
- 4.1.82
* Tue Dec 2 2008 Rex Dieter 4.1.80-3
- -devel: Requires: libical-devel
* Thu Nov 20 2008 Than Ngo 4.1.80-2
- merged
* Thu Nov 20 2008 Lorenzo Villani - 4.1.80-1
- 4.1.80
- BR cmake 2.6
- make install/fast
* Wed Nov 12 2008 Than Ngo 4.1.3-1
- 4.1.3

References


[1] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
    https://bugzilla.redhat.com/show_bug.cgi?id=520661
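
The bug class named in this reference (a NUL byte inside a subjectAltName) comes down to comparing a length-prefixed certificate name with C string functions. The following is an added illustration of that pattern beside a length-aware check; it is not KSSL or Qt code, and `struct san_entry`, both function names and the sample hostnames are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A subjectAltName dNSName as it comes out of the certificate: bytes plus
 * an explicit length. It is not a C string and may contain any byte. */
struct san_entry { const unsigned char *data; size_t len; };

/* Constructed samples. The literals carry a trailing NUL, so the flawed
 * function below cannot read past the buffer in this demo. */
static const unsigned char NUL_BYTES[] = "bank.example\0.other.example";
static const unsigned char PLAIN_BYTES[] = "bank.example";
static const struct san_entry SAN_WITH_NUL = { NUL_BYTES, sizeof NUL_BYTES - 1 };
static const struct san_entry SAN_PLAIN = { PLAIN_BYTES, sizeof PLAIN_BYTES - 1 };

/* Flawed pattern: the name is handed to a C string function, which stops
 * at the first NUL and never sees the rest of the name. */
int san_matches_cstring(const struct san_entry *san, const char *host)
{
    return strcasecmp((const char *)san->data, host) == 0;
}

/* Length-aware check: refuse any embedded NUL, require the full decoded
 * length to equal the hostname length, then compare exactly that many
 * bytes. Wildcard names are out of scope here. */
int san_matches_checked(const struct san_entry *san, const char *host)
{
    size_t hlen = strlen(host);
    if (memchr(san->data, '\0', san->len) != NULL)
        return 0;
    if (san->len != hlen)
        return 0;
    return strncasecmp((const char *)san->data, host, hlen) == 0;
}

int main(void)
{
    printf("NUL name,   C-string compare: %d\n", san_matches_cstring(&SAN_WITH_NUL, "bank.example"));
    printf("NUL name,   checked compare:  %d\n", san_matches_checked(&SAN_WITH_NUL, "bank.example"));
    printf("plain name, checked compare:  %d\n", san_matches_checked(&SAN_PLAIN, "BANK.example"));
    return 0;
}
```
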

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdepimlibs' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: kdepimlibs
Product: Fedora 10
Version: 4.3.1
Release: 1.fc10
Summary: K Desktop Environment 4 - PIM Libraries
