Ubuntu 1248-1: KDE-Libs vulnerability

    Date25 Oct 2011
    CategoryUbuntu
    74
    Posted ByLinuxSecurity Advisories
    KDE-Libs could improperly display fraudulent security certificates.
    ==========================================================================
    Ubuntu Security Notice USN-1248-1
    October 25, 2011
    
    kde4libs vulnerability
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 11.04
    - Ubuntu 10.10
    - Ubuntu 10.04 LTS
    
    Summary:
    
    KDE-Libs could improperly display fraudulent security certificates.
    
    Software Description:
    - kde4libs: KDE 4 core applications and libraries
    
    Details:
    
    Tim Brown discovered that KSSL in KDE-Libs did not properly perform input
    validation when displaying the common name (CN) for an SSL certificate. An
    attacker could exploit this to spoof the common name which could be used in
    an attack to trick the user into accepting a fraudulent certificate. This
    issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)
    
    It was discovered that KIO in KDE-Libs did not properly perform input
    validation during proxy authentication. An attacker could exploit this to
    modify displaying of the realm and proxy URL.
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 11.04:
      libkio5                         4:4.6.5-0ubuntu1.1
    
    Ubuntu 10.10:
      libkio5                         4:4.5.5-0ubuntu2.1
    
    Ubuntu 10.04 LTS:
      kdelibs5                        4:4.4.5-0ubuntu1.2
    
    After a standard system update you need to restart any applications that
    use KSSL and KIO, such as Konqueror and Rekong, to make all the necessary
    changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1248-1
      CVE-2011-3365
    
    Package Information:
      https://launchpad.net/ubuntu/+source/kde4libs/4:4.6.5-0ubuntu1.1
      https://launchpad.net/ubuntu/+source/kde4libs/4:4.5.5-0ubuntu2.1
      https://launchpad.net/ubuntu/+source/kde4libs/4:4.4.5-0ubuntu1.2
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"36","type":"x","order":"1","pct":50.7,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":14.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":35.21,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.