Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:075 (kdelibs4)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69457

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:075 (kdelibs4)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to kdelibs4
announced via advisory MDVSA-2011:075.

A vulnerability has been found and corrected in kdelibs4:

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError
function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through
4.6.1 allows remote attackers to inject arbitrary web script or
HTML via the URI in a URL corresponding to an unavailable web site
(CVE-2011-1168).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:075

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1168
1025322
http://securitytracker.com/id?1025322
20110411 Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517432/100/0/threaded
20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517433/100/0/threaded
44065
http://secunia.com/advisories/44065
44108
http://secunia.com/advisories/44108
47304
http://www.securityfocus.com/bid/47304
8208
http://securityreason.com/securityalert/8208
ADV-2011-0927
http://www.vupen.com/english/advisories/2011/0927
ADV-2011-0928
http://www.vupen.com/english/advisories/2011/0928
ADV-2011-0990
http://www.vupen.com/english/advisories/2011/0990
MDVSA-2011:075
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
SSA:2011-101-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
USN-1110-1
http://www.ubuntu.com/usn/USN-1110-1
http://www.kde.org/info/security/advisory-20110411-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
https://bugzilla.redhat.com/show_bug.cgi?id=695398
konqueror-khtmlparthtmlerror-xss(66697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69457
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:075 (kdelibs4)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kdelibs4 announced via advisory MDVSA-2011:075. A vulnerability has been found and corrected in kdelibs4: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site (CVE-2011-1168). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:075 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1168 1025322 http://securitytracker.com/id?1025322 20110411 Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517432/100/0/threaded 20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517433/100/0/threaded 44065 http://secunia.com/advisories/44065 44108 http://secunia.com/advisories/44108 47304 http://www.securityfocus.com/bid/47304 8208 http://securityreason.com/securityalert/8208 ADV-2011-0927 http://www.vupen.com/english/advisories/2011/0927 ADV-2011-0928 http://www.vupen.com/english/advisories/2011/0928 ADV-2011-0990 http://www.vupen.com/english/advisories/2011/0990 MDVSA-2011:075 http://www.mandriva.com/security/advisories?name=MDVSA-2011:075 SSA:2011-101-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727 SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html USN-1110-1 http://www.ubuntu.com/usn/USN-1110-1 http://www.kde.org/info/security/advisory-20110411-1.txt http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc https://bugzilla.redhat.com/show_bug.cgi?id=695398 konqueror-khtmlparthtmlerror-xss(66697) https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com