
Security: Insufficient certificate validation in KDE-Libs
Name: Insufficient certificate validation in KDE-Libs
ID: USN-1248-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Date: Wed, 26 October 2011, 14:33
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3365
Applications: KDE Software Compilation

Original message


==========================================================================
Ubuntu Security Notice USN-1248-1
October 25, 2011

kde4libs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

KDE-Libs could improperly display fraudulent security certificates.

Software Description:
- kde4libs: KDE 4 core applications and libraries

Details:

Tim Brown discovered that KSSL in KDE-Libs did not properly perform input
validation when displaying the common name (CN) for an SSL certificate. An
attacker could exploit this to spoof the common name which could be used in
an attack to trick the user into accepting a fraudulent certificate. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)

It was discovered that KIO in KDE-Libs did not properly perform input
validation during proxy authentication. An attacker could exploit this to
modify displaying of the realm and proxy URL.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libkio5 4:4.6.5-0ubuntu1.1

Ubuntu 10.10:
libkio5 4:4.5.5-0ubuntu2.1

Ubuntu 10.04 LTS:
kdelibs5 4:4.4.5-0ubuntu1.2

After a standard system update you need to restart any applications that
use KSSL and KIO, such as Konqueror and Rekonq, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-1248-1
CVE-2011-3365

Package Information:
https://launchpad.net/ubuntu/+source/kde4libs/4:4.6.5-0ubuntu1.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.5.5-0ubuntu2.1
https://launchpad.net/ubuntu/+source/kde4libs/4:4.4.5-0ubuntu1.2
