klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Wed Sep 11, 2002 1:27 pm Post subject: [gentoo-announce] GLSA: kdelibs
Dan Armak wrote:
- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- ---------------------------------------------------------------------
PACKAGE :kdelibs
SUMMARY :integer overflow
DATE :2002-09-11 09:00 GMT
- ---------------------------------------------------------------------
OVERVIEW
Konqueror's cross site scripting protection fails to initialize the domains on
sub-(i)frames correctly. As a result, Javascript can access any foreign
subframe which is defined in the HTML source.
DETAIL
Users of Konqueror and other KDE software that uses the KHTML rendering engine
may fall victim to cookie stealing and other cross site scripting attacks.
Versions affected:
kdelibs 2.2.2 and earlier (kdelibs-2.2.2a has the fix)
kdelibs 3.0.3 and earlier (kdelibs-3.0.3a has the fix)
More information can be found at:
http://www.kde.org/info/security/advisory-20020908-2.txt
http://online.securityfocus.com/archive/1/290832/2002-09-03/2002-09-09/2
SOLUTION
It is recommended that all Gentoo Linux users who are running
kde-base/kdelibs-3.0.3 and earlier update their systems as follows:
emerge rsync
# if kdelibs-3.x is installed:
emerge kdelibs
# if kdelibs-2.x is also installed:
emerge =kdelibs-2*
emerge clean
- ---------------------------------------------------------------------
danarmak@gentoo.org
- ---------------------------------------------------------------------
- --
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
Mailing List Archive: http://lists.gentoo.org/pipermail/gentoo-announce/2002-September/000203.html
--kurt _________________ The problem with political jokes is that they get elected
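A way to check an installed kdelibs version against the fixed releases named in the announcement (2.2.2a and 3.0.3a), as an added example that is not part of the original post or the advisory. The function name `kdelibs_status` and the sample versions are constructed for illustration; it assumes versions of the form N.N[.N][letter] with an optional Gentoo -rN revision, and that releases newer than the fixed ones carry the fix.

```shell
# Classify a kdelibs version against the advisory's fixed releases:
# 2.2.2a on the 2.x branch, 3.0.3a on the 3.x branch.
# Prints "affected", "fixed" or "unknown" (hypothetical helper).
kdelibs_status() {
    ver=${1%%-r[0-9]*}            # ignore a trailing Gentoo revision (-r1)
    nums=${ver%[a-z]}             # numeric part, e.g. 3.0.3
    letter=${ver#"$nums"}         # optional single letter suffix, e.g. a
    case "$nums" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac

    old_ifs=$IFS; IFS=.
    set -- $nums                  # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Only the branches the announcement names a fix for are classified.
    case "$major" in
        2) fminor=2; fpatch=2 ;;
        3) fminor=0; fpatch=3 ;;
        *) echo unknown; return 0 ;;
    esac

    if [ "$minor" -ne "$fminor" ]; then
        [ "$minor" -gt "$fminor" ] && echo fixed || echo affected
    elif [ "$patch" -ne "$fpatch" ]; then
        [ "$patch" -gt "$fpatch" ] && echo fixed || echo affected
    elif [ -n "$letter" ]; then
        echo fixed                # same numbers plus a letter is >= the "a" release
    else
        echo affected             # exactly 2.2.2 or 3.0.3, without the fix
    fi
}

# Constructed sample versions, not taken from a real system.
for v in 2.2.2 2.2.2a 3.0.2 3.0.3 3.0.3a-r1; do
    printf 'kdelibs-%s: %s\n' "$v" "$(kdelibs_status "$v")"
done
```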