
Fedora 11: 2009-9391 Critical: Kdelibs3 SSL Certificate Validation Fault

September 8, 2009
Security patch for kdelibs3 released on Fedora 11 to resolve critical SSL certificate verification vulnerability.

Summary

Libraries for the K Desktop Environment 3:

KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).

Update Information:

This update fixes CVE-2009-2702, a security issue where SSL certificates containing embedded NUL characters would falsely pass validation when they're actually invalid, for the KDE 3 compatibility version of kdelibs.
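The bug class behind this advisory, as an added example that is not the kdelibs code or the Fedora patch: a certificate name measured as a C string ends at the first NUL, while a length-aware check sees the whole encoded name and rejects it. The `cert_name` type, the function names and the sample names are hypothetical, and only exact-match names are handled (no wildcards).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a certificate name as decoded from ASN.1, i.e. bytes
 * plus an explicit length. The bytes may contain 0x00. */
struct cert_name { const char *data; size_t len; };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed: measures the name with strlen(), so the comparison stops at the
 * first NUL and the bytes after it are never looked at. */
int name_matches_flawed(const struct cert_name *name, const char *host)
{
    size_t n = strlen(name->data);
    return n == strlen(host) && eq_nocase(name->data, host, n);
}

/* Strict: uses the encoded length and rejects any name with an embedded NUL
 * before comparing. */
int name_matches_strict(const struct cert_name *name, const char *host)
{
    if (name->len == 0 || memchr(name->data, '\0', name->len) != NULL)
        return 0;
    return name->len == strlen(host) && eq_nocase(name->data, host, name->len);
}

/* Constructed samples; example.com and example.net are reserved domains. */
static const char nul_bytes[] = "www.example.com\0.example.net";
const struct cert_name nul_name = { nul_bytes, sizeof(nul_bytes) - 1 };
const struct cert_name good_name = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    printf("NUL name,  flawed: %d\n", name_matches_flawed(&nul_name, host));
    printf("NUL name,  strict: %d\n", name_matches_strict(&nul_name, host));
    printf("good name, strict: %d\n", name_matches_strict(&good_name, host));
    return 0;
}
```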

Change Log

* Sun Sep 6 2009 Kevin Kofler - 3.5.10-13.1
- fix for CVE-2009-2702
* Sun Jul 26 2009 Kevin Kofler - 3.5.10-13
- fix CVE-2009-2537 - select length DoS
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
* Fri Jul 24 2009 Fedora Release Engineering - 3.5.10-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jul 18 2009 Rex Dieter - 3.5.10-12
- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)
- -devel: Requires: %{name}%_isa ...

References


[ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=520661

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdelibs3' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: kdelibs3
Product: Fedora 11
Version: 3.5.10
Release: 13.fc11.1
Summary: K Desktop Environment 3 - Libraries
