Mandrake Local Security Checks : Mandriva Update for kdelibs4 MDVSA-2011:075 (kdelibs4)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831379

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for kdelibs4 MDVSA-2011:075 (kdelibs4)

Resumen: The remote host is missing an update for the 'kdelibs4'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'kdelibs4'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability has been found and corrected in kdelibs4:

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError
function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through
4.6.1 allows remote attackers to inject arbitrary web script or
HTML via the URI in a URL corresponding to an unavailable web site
(CVE-2011-1168).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
kdelibs4 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1168
1025322
http://securitytracker.com/id?1025322
20110411 Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517432/100/0/threaded
20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517433/100/0/threaded
44065
http://secunia.com/advisories/44065
44108
http://secunia.com/advisories/44108
47304
http://www.securityfocus.com/bid/47304
8208
http://securityreason.com/securityalert/8208
ADV-2011-0927
http://www.vupen.com/english/advisories/2011/0927
ADV-2011-0928
http://www.vupen.com/english/advisories/2011/0928
ADV-2011-0990
http://www.vupen.com/english/advisories/2011/0990
MDVSA-2011:075
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
SSA:2011-101-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
USN-1110-1
http://www.ubuntu.com/usn/USN-1110-1
http://www.kde.org/info/security/advisory-20110411-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
https://bugzilla.redhat.com/show_bug.cgi?id=695398
konqueror-khtmlparthtmlerror-xss(66697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831379
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for kdelibs4 MDVSA-2011:075 (kdelibs4)
Resumen:	The remote host is missing an update for the 'kdelibs4'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kdelibs4' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been found and corrected in kdelibs4: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site (CVE-2011-1168). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: kdelibs4 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1168 1025322 http://securitytracker.com/id?1025322 20110411 Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517432/100/0/threaded 20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517433/100/0/threaded 44065 http://secunia.com/advisories/44065 44108 http://secunia.com/advisories/44108 47304 http://www.securityfocus.com/bid/47304 8208 http://securityreason.com/securityalert/8208 ADV-2011-0927 http://www.vupen.com/english/advisories/2011/0927 ADV-2011-0928 http://www.vupen.com/english/advisories/2011/0928 ADV-2011-0990 http://www.vupen.com/english/advisories/2011/0990 MDVSA-2011:075 http://www.mandriva.com/security/advisories?name=MDVSA-2011:075 SSA:2011-101-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727 SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html USN-1110-1 http://www.ubuntu.com/usn/USN-1110-1 http://www.kde.org/info/security/advisory-20110411-1.txt http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc https://bugzilla.redhat.com/show_bug.cgi?id=695398 konqueror-khtmlparthtmlerror-xss(66697) https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
Copyright	Copyright (C) 2011 Greenbone AG