Flawed certificate handling in Konqueror
ID: MDKSA-2002:058
Distribution: Mandrake
Platforms: Mandrake 8.1, Mandrake 8.2
Date: Tue, 10 September 2002, 13:00
References: None given
Applications: KDE Software Compilation
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           kdelibs
Advisory ID:            MDKSA-2002:058
Date:                   September 9th, 2002
Affected versions:      8.1, 8.2
________________________________________________________________________

Problem Description:

 A vulnerability was discovered in KDE's SSL implementation in that it
 does not check the basic constraints on a certificate and as a result
 may accept certificates as valid that were signed by an issuer who is
 not authorized to do so. This can lead to Konqueror and other
 SSL-enabled KDE software falling victim to a man-in-the-middle attack
 without being aware of the invalid certificate. This will trick users
 into thinking they are on a secure connection with a valid site when in
 fact the site is different from that which they intended to connect to.

 This is fixed in KDE 3.0.3, and the KDE team provided a patch for KDE
 2.2.2. This patch has been applied to the following packages.

 After upgrading kdelibs, you must restart KDE in order for the fix to
 work.
________________________________________________________________________

References:

 http://www.kde.org/info/security/advisory-20020818-1.txt
________________________________________________________________________

Updated Packages:

 Mandrake Linux 8.1:
 59e07a902775fa12e7e9e712270626e2  8.1/RPMS/arts-2.2.1-5.2mdk.i586.rpm
 2f3aa85203be22528059e0689c9a216a  8.1/RPMS/kdelibs-2.2.1-5.2mdk.i586.rpm
 0e51a89a084d75d4315248fa01ded952  8.1/RPMS/kdelibs-devel-2.2.1-5.2mdk.i586.rpm
 0a06fe260a9598c0783f59666a7658d7  8.1/RPMS/kdelibs-sound-2.2.1-5.2mdk.i586.rpm
 147d35f45ecc4729fa6217345df526e1  8.1/RPMS/kdelibs-static-devel-2.2.1-5.2mdk.i586.rpm
 583da993496f36c5c0f6710f5905639a  8.1/RPMS/libarts2-2.2.1-5.2mdk.i586.rpm
 86928a0b4a3aa0c7a41461166760e524  8.1/RPMS/libarts2-devel-2.2.1-5.2mdk.i586.rpm
 155c8190d9cc9c64c5989d0aada188fd  8.1/SRPMS/kdelibs-2.2.1-5.2mdk.src.rpm

 Mandrake Linux 8.1/ia64:
 f9b2cc29cf756af97cbf286d97d6fefb  ia64/8.1/RPMS/arts-2.2.1-5.2mdk.ia64.rpm
 b7e524fe0a9f05afd527b11b139e00cb  ia64/8.1/RPMS/kdelibs-2.2.1-5.2mdk.ia64.rpm
 ef2c379830806fca349904bc9e74c905  ia64/8.1/RPMS/kdelibs-devel-2.2.1-5.2mdk.ia64.rpm
 58a3d638d22dd880a6bd12defee780a7  ia64/8.1/RPMS/kdelibs-sound-2.2.1-5.2mdk.ia64.rpm
 773397b0613dee9caa8911a6867f5dc8  ia64/8.1/RPMS/kdelibs-static-devel-2.2.1-5.2mdk.ia64.rpm
 72f4993f1854f2e8967f5610dd11c431  ia64/8.1/RPMS/libarts2-2.2.1-5.2mdk.ia64.rpm
 640e1ebc2a54a6b92fa78f9c0edf0cc9  ia64/8.1/RPMS/libarts2-devel-2.2.1-5.2mdk.ia64.rpm
 155c8190d9cc9c64c5989d0aada188fd  ia64/8.1/SRPMS/kdelibs-2.2.1-5.2mdk.src.rpm

 Mandrake Linux 8.2:
 4285bef1ff018f7daa375d51ffd38aa4  8.2/RPMS/arts-2.2.2-48.1mdk.i586.rpm
 981fd5d9d73f63960c1c84e36e8c012c  8.2/RPMS/kdelibs-2.2.2-48.1mdk.i586.rpm
 910f9a99101076af2eeb2a195d4e8de7  8.2/RPMS/kdelibs-devel-2.2.2-48.1mdk.i586.rpm
 93d7c56dbd235d49d87610de699b54a0  8.2/RPMS/kdelibs-sound-2.2.2-48.1mdk.i586.rpm
 61d5d895b11ae7bb4d5317dcf8cea6b7  8.2/RPMS/libarts2-2.2.2-48.1mdk.i586.rpm
 2df99b1aea65a9ca2d12a817a50581d9  8.2/RPMS/libarts2-devel-2.2.2-48.1mdk.i586.rpm
 ac2a31f2e0a6b1d97ad6cebddd568273  8.2/SRPMS/kdelibs-2.2.2-48.1mdk.src.rpm

 Mandrake Linux 8.2/ppc:
 9f483a97b6e9fd553198da5dce58d662  ppc/8.2/RPMS/arts-2.2.2-48.1mdk.ppc.rpm
 37b10fecf6009404354ffe521c04f9da  ppc/8.2/RPMS/kdelibs-2.2.2-48.1mdk.ppc.rpm
 843095c9c931d386fea23b4d59add9c2  ppc/8.2/RPMS/kdelibs-devel-2.2.2-48.1mdk.ppc.rpm
 ba6e239c18f640e988da184f0550d241  ppc/8.2/RPMS/kdelibs-sound-2.2.2-48.1mdk.ppc.rpm
 7a0e12d4475c090e1204145a264297ac  ppc/8.2/RPMS/libarts2-2.2.2-48.1mdk.ppc.rpm
 20c775055485cd9f23ba454b4b53d086  ppc/8.2/RPMS/libarts2-devel-2.2.2-48.1mdk.ppc.rpm
 ac2a31f2e0a6b1d97ad6cebddd568273  ppc/8.2/SRPMS/kdelibs-2.2.2-48.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

  rpm --checksig
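The missing check named in the Problem Description above, shown as an added example that is not KDE's or Mandrake's code: a chain validator that only follows issuer links next to one that also enforces basicConstraints on every signing certificate. The `Cert` struct, the function names and the sample chains are assumptions constructed for illustration, and signature verification is assumed to have already passed.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Simplified certificate model (constructed for this example): signatures are
// assumed to have verified already, so only name chaining and the
// basicConstraints logic are shown.
struct Cert {
    std::string subject;
    std::string issuer;
    bool hasBasicConstraints;  // extension present at all
    bool isCA;                 // basicConstraints cA flag
    int pathLen;               // pathLenConstraint, -1 = absent
};

// Flawed check, as the advisory describes it: each certificate links to its
// issuer, but nothing asks whether that issuer may sign certificates.
bool chainLinksOnly(const std::vector<Cert>& chain) {
    for (std::size_t i = 0; i + 1 < chain.size(); ++i)
        if (chain[i].issuer != chain[i + 1].subject) return false;
    return !chain.empty();
}

// Corrected check: every certificate above the leaf must carry
// basicConstraints with cA set, and its pathLenConstraint must allow the
// number of intermediate CA certificates that sit below it.
bool chainWithBasicConstraints(const std::vector<Cert>& chain) {
    if (!chainLinksOnly(chain)) return false;
    for (std::size_t i = 1; i < chain.size(); ++i) {
        const Cert& signer = chain[i];
        if (!signer.hasBasicConstraints || !signer.isCA) return false;
        int casBelow = static_cast<int>(i) - 1;  // intermediates between signer and leaf
        if (signer.pathLen >= 0 && casBelow > signer.pathLen) return false;
    }
    return true;
}

// Constructed sample chains, leaf first, trusted root last.
std::vector<Cert> rogueChain() {  // leaf signed by an end-entity certificate
    return {{"www.bank.example", "www.other.example", false, false, -1},
            {"www.other.example", "Example Root CA", true, false, -1},
            {"Example Root CA", "Example Root CA", true, true, -1}};
}
std::vector<Cert> goodChain() {   // leaf signed by a real intermediate CA
    return {{"www.bank.example", "Example Issuing CA", false, false, -1},
            {"Example Issuing CA", "Example Root CA", true, true, 0},
            {"Example Root CA", "Example Root CA", true, true, 1}};
}
```

The link-only validator accepts both chains, while the corrected one rejects the chain whose middle certificate is not a CA.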