Slackware 12.0 KDM Login Spoofing Critical Fix - 2007-264-01

slackware

September 22, 2007

New kdebase packages are available for Slackware 12.0 to fix security issues

Summary

Here are the details from the Slackware 12.0 ChangeLog: patches/packages/kdebase-3.5.7-i486-3_slack12.0.tgz: Patched Konqueror to prevent "spoofing" the URL (i.e. displaying a URL other than the one associated with the page displayed) For more information, see: https://www.cve.org/CVERecord?id=CVE-2007-3820 https://www.cve.org/CVERecord?id=CVE-2007-4224 https://www.cve.org/CVERecord?id=CVE-2007-4225 Patched KDM issue: "KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled." For more information, see: https://kde.org/info/security/advisory-20070919-1.txt https://www.cve.org/CVERecord?id=CVE-2007-4569 (* Security fix *) patches/packages/kdelibs-3.5.7-i486-3_slack12.0.tgz: Patched Konqueror's supporting libraries to prevent addressbar spoofing. For more information, see:

Read the Full Advisory

Topics Covered

security advisory critical slackware login issue addressbar spoofing

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/kdebase-3.5.7-i486-3_slack12.0.tgz

MD5 Signatures

Slackware 12.0 packages: 467ac64778e2a72334b4ac13ff6f3e98 kdebase-3.5.7-i486-3_slack12.0.tgz 13d4eeb321c922503e8edc49f40e95f4 kdelibs-3.5.7-i486-3_slack12.0.tgz

Severity

critical

Lowest

Low

Medium

High

Critical

Topics Covered

security advisory critical slackware login issue addressbar spoofing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg kdelibs-3.5.7-i486-3_slack12.0.tgz kdebase-3.5.7-i486-3_slack12.0.tgz

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 12.0 KDM Login Spoofing Critical Fix - 2007-264-01

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 12.0 KDM Login Spoofing Critical Fix - 2007-264-01

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!