Slackware Local Security Checks : Slackware: Security Advisory (SSA:2003-213-01)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.53890

Kategorie: Slackware Local Security Checks

Titel: Slackware: Security Advisory (SSA:2003-213-01)

Zusammenfassung: The remote host is missing an update for the 'KDE' package(s) announced via the SSA:2003-213-01 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'KDE' package(s) announced via the SSA:2003-213-01 advisory.

Vulnerability Insight:
New KDE packages are available for Slackware 9.0. These address a
security issue where Konqueror may leak authentication credentials.

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Fri Aug 1 15:15:51 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.3.
Note that this update addresses a security problem in Konqueror which may
cause authentication credentials to be leaked to an unintended website
through the HTTP-referer header when they have been entered into Konqueror
as a URL of the form:
http://user:password@example.com/
For more information about this issue, please see the KDE advisory:
[link moved to references]
We recommend that sites running KDE install this update.
(* Security fix *)
patches/packages/kdei/*: New internationalization packages for KDE 3.1.3.
+--------------------------+

Affected Software/OS:
'KDE' package(s) on Slackware 9.0.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0459
Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) (Google Search)
http://marc.info/?l=bugtraq&m=105986238428061&w=2
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-361 (Google Search)
http://www.debian.org/security/2003/dsa-361
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
TurboLinux Advisory: TLSA-2003-45
http://www.turbolinux.com/security/TLSA-2003-45.txt

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.53890
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2003-213-01)
Zusammenfassung:	The remote host is missing an update for the 'KDE' package(s) announced via the SSA:2003-213-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'KDE' package(s) announced via the SSA:2003-213-01 advisory. Vulnerability Insight: New KDE packages are available for Slackware 9.0. These address a security issue where Konqueror may leak authentication credentials. Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Fri Aug 1 15:15:51 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.3. Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL of the form: http://user:password@example.com/ For more information about this issue, please see the KDE advisory: [link moved to references] We recommend that sites running KDE install this update. ( Security fix ) patches/packages/kdei/: New internationalization packages for KDE 3.1.3. +--------------------------+ Affected Software/OS: 'KDE' package(s) on Slackware 9.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0459 Bugtraq: 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) (Google Search) http://marc.info/?l=bugtraq&m=105986238428061&w=2 Conectiva Linux advisory: CLA-2003:747 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 Debian Security Information: DSA-361 (Google Search) http://www.debian.org/security/2003/dsa-361 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411 http://www.redhat.com/support/errata/RHSA-2003-235.html http://www.redhat.com/support/errata/RHSA-2003-236.html TurboLinux Advisory: TLSA-2003-45 http://www.turbolinux.com/security/TLSA-2003-45.txt
Copyright	Copyright (C) 2012 Greenbone AG