
Security: Integer overflow in kdelibs
Name: Integer overflow in kdelibs
ID:
Distribution: Gentoo
Platforms: Not specified
Date: Thu, 12 September 2002, 13:00
References: Not specified
Applications: KDE Software Compilation

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- ---------------------------------------------------------------------

PACKAGE :kdelibs
SUMMARY :integer overflow
DATE :2002-09-11 09:00 GMT

- ---------------------------------------------------------------------

OVERVIEW

Konqueror's cross site scripting protection fails to initialize the domains on
sub-(i)frames correctly. As a result, Javascript can access any foreign
subframe which is defined in the HTML source.

DETAIL

Users of Konqueror and other KDE software that uses the KHTML rendering engine
may fall victim to cookie stealing and other cross site scripting attacks.

Versions affected:
kdelibs 2.2.2 and earlier (kdelibs-2.2.2a has the fix)
kdelibs 3.0.3 and earlier (kdelibs-3.0.3a has the fix)

More information can be found at:
http://www.kde.org/info/security/advisory-20020908-2.txt
http://online.securityfocus.com/archive/1/290832/2002-09-03/2002-09-09/2

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdelibs-3.0.3 and earlier update their systems as follows:

emerge rsync
# if kdelibs-3.x is installed:
emerge kdelibs
# if kdelibs-2.x is also installed:
emerge =kdelibs-2*
emerge clean

- ---------------------------------------------------------------------
danarmak@gentoo.org
- ---------------------------------------------------------------------

- --
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9fvs3UI2RQ41fiVERArSyAJ9BaBZPEBXO7xdrw0x4WV4XeZhQYgCbBbdV
qEh51H9sfouYtLgbMmzsrzE=
=AmNX
-----END PGP SIGNATURE-----
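
The affected and fixed versions listed in the announcement, turned into a version check (an added example, not part of the original announcement or of Portage). `kdelibs_status` is a hypothetical helper name, the sample versions are constructed, and releases newer than the fixed ones are assumed to keep the fix.

```shell
#!/bin/sh
# Added example: classify a kdelibs version against the advisory's ranges.
# kdelibs_status is a hypothetical helper name, not a Portage command.
# Assumption: releases newer than the fixed one on a branch keep the fix.

kdelibs_status() (            # subshell body: IFS and "set --" stay local
    ver=${1%%-r[0-9]*}        # drop a Gentoo revision suffix such as -r1
    suffix=${ver##*[0-9]}     # trailing letter ("a" in 3.0.3a), may be empty
    nums=${ver%"$suffix"}
    case $suffix in ''|[a-z]) ;; *) echo invalid; exit 0 ;; esac
    case $nums in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; exit 0 ;; esac
    IFS=.
    set -- $nums
    maj=$1 min=${2:-0} pat=${3:-0}

    # Pick the fixed release to compare against.
    if [ "$maj" -le 2 ]; then
        fmaj=2 fmin=2 fpat=2  # 2.2.2 and earlier affected, 2.2.2a fixed
    elif [ "$maj" -eq 3 ]; then
        fmaj=3 fmin=0 fpat=3  # 3.0.3 and earlier affected, 3.0.3a fixed
    else
        echo unlisted         # branch not named in the advisory
        exit 0
    fi

    # Walk major, minor, patch; the first differing field decides.
    for pair in "$maj:$fmaj" "$min:$fmin" "$pat:$fpat"; do
        have=${pair%:*} want=${pair#*:}
        if [ "$have" -lt "$want" ]; then echo affected; exit 0; fi
        if [ "$have" -gt "$want" ]; then echo fixed; exit 0; fi
    done

    # Same numbers as the fixed release: only the letter suffix decides.
    if [ -z "$suffix" ]; then echo affected; else echo fixed; fi
)

# Constructed sample versions, not taken from a real system.
for sample in 2.2.2 2.2.2a 3.0 3.0.3 3.0.3a-r1; do
    printf '%-10s %s\n' "$sample" "$(kdelibs_status "$sample")"
done
```
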
