Security: Insufficient validation of certificates in KDE-Libs

Name: Insufficient validation of certificates in KDE-Libs
ID: USN-1248-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Date: Wed, October 26, 2011, 14:33
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3365
Applications: KDE Software Compilation

Original message
==========================================================================
Ubuntu Security Notice USN-1248-1
October 25, 2011

kde4libs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
KDE-Libs could improperly display fraudulent security certificates.
Software Description:
- kde4libs: KDE 4 core applications and libraries
Details:
Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name, which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)
It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify how the realm and proxy URL are displayed.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libkio5 4:4.6.5-0ubuntu1.1
Ubuntu 10.10: libkio5 4:4.5.5-0ubuntu2.1
Ubuntu 10.04 LTS: kdelibs5 4:4.4.5-0ubuntu1.2
After a standard system update you need to restart any applications that use KSSL and KIO, such as Konqueror and Rekonq, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1248-1
CVE-2011-3365

Package Information:
https://launchpad.net/ubuntu/+source/kde4libs/4:4.6.5-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.5.5-0ubuntu2.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.4.5-0ubuntu1.2