Security: Integer overflow in kdelibs
Name: Integer overflow in kdelibs
ID:
Distribution: Gentoo
Platforms: Not specified
Date: Thu, 12 September 2002, 13:00
References: Not specified
Applications: KDE Software Compilation

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- ---------------------------------------------------------------------

PACKAGE :kdelibs
SUMMARY :integer overflow
DATE :2002-09-11 09:00 GMT

- ---------------------------------------------------------------------

OVERVIEW
Konqueror's cross site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, Javascript can access any foreign subframe which is defined in the HTML source.
DETAIL
Users of Konqueror and other KDE software that uses the KHTML rendering engine may fall victim to cookie stealing and other cross site scripting attacks.
Versions affected:
kdelibs 2.2.2 and earlier (kdelibs-2.2.2a has the fix)
kdelibs 3.0.3 and earlier (kdelibs-3.0.3a has the fix)

More information can be found at:
http://www.kde.org/info/security/advisory-20020908-2.txt
http://online.securityfocus.com/archive/1/290832/2002-09-03/2002-09-09/2
SOLUTION
It is recommended that all Gentoo Linux users who are running kde-base/kdelibs-3.0.3 and earlier update their systems as follows:
emerge rsync
# if kdelibs-3.x is installed:
emerge kdelibs
# if kdelibs-2.x is also installed:
emerge =kdelibs-2*
emerge clean

- ---------------------------------------------------------------------
danarmak@gentoo.org
- ---------------------------------------------------------------------

- --
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9fvs3UI2RQ41fiVERArSyAJ9BaBZPEBXO7xdrw0x4WV4XeZhQYgCbBbdV
qEh51H9sfouYtLgbMmzsrzE=
=AmNX
-----END PGP SIGNATURE-----