Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:519

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51531

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2002:519

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2002:519.

KDE[3] is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.

This is a full update of the KDE desktop to the 3.0.3 version, the
latest release by the project[1]. Besides containing several bugfixes
and enhancements, this update also fixes two security
vulnerabilities:

- SSL[2]: previous version of the SSL implementation used by KDE did
not correctly check the validity of X.509 certificates and would
accept, without any warning, certificates signed by any entity
provided that this entity is signed by a recognized CA. This problem
would allow for undetected MITM attacks (man in the mittle), which
could compromise an encrypted HTTPS session.

- artswrapper: in previous versions, this program was SUID root. This
configuration is no longer needed and has been removed.

Details of all fixes and enhancements made to this new KDE version
can be obtained in the project's changelog[4].

Additionally, the Qt library has also been updated to the latest
release available at this time, 3.0.5.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.kde.org/announcements/announce-3.0.3.html
http://www.kde.org/info/security/advisory-20020818-1.txt
http://www.kde.org/
http://www.kde.org/announcements/changelogs/changelog3_0_2to3_0_3.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:519
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51531
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:519
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:519. KDE[3] is a very popular graphical desktop environment available for GNU/Linux and other operating systems. This is a full update of the KDE desktop to the 3.0.3 version, the latest release by the project[1]. Besides containing several bugfixes and enhancements, this update also fixes two security vulnerabilities: - SSL[2]: previous version of the SSL implementation used by KDE did not correctly check the validity of X.509 certificates and would accept, without any warning, certificates signed by any entity provided that this entity is signed by a recognized CA. This problem would allow for undetected MITM attacks (man in the mittle), which could compromise an encrypted HTTPS session. - artswrapper: in previous versions, this program was SUID root. This configuration is no longer needed and has been removed. Details of all fixes and enhancements made to this new KDE version can be obtained in the project's changelog[4]. Additionally, the Qt library has also been updated to the latest release available at this time, 3.0.5. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.kde.org/announcements/announce-3.0.3.html http://www.kde.org/info/security/advisory-20020818-1.txt http://www.kde.org/ http://www.kde.org/announcements/changelogs/changelog3_0_2to3_0_3.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:519 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com