Test ID: | 1.3.6.1.4.1.25623.1.0.870612 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for kdelibs RHSA-2011:0464-01 |
Summary: | The remote host is missing an update for the 'kdelibs' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'kdelibs' package(s) announced via the referenced advisory.

Vulnerability Insight: The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML layout engine used by KDE applications such as the Konqueror web browser, displayed certain error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted URL. (CVE-2011-1168)

A flaw was found in the way kdelibs checked the user specified hostname against the name in the server's SSL certificate. A man-in-the-middle attacker could use this flaw to trick an application using kdelibs into mistakenly accepting a certificate as if it was valid for the host, if that certificate was issued for an IP address to which the user specified hostname was resolved to. (CVE-2011-1094)

Note: As part of the fix for CVE-2011-1094, this update also introduces stricter handling for wildcards used in servers' SSL certificates.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Affected Software/OS: kdelibs on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)

Solution: Please Install the Updated Packages.

CVSS Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1094
44108 http://secunia.com/advisories/44108
46789 http://www.securityfocus.com/bid/46789
ADV-2011-0913 http://www.vupen.com/english/advisories/2011/0913
ADV-2011-0990 http://www.vupen.com/english/advisories/2011/0990
MDVSA-2011:071 http://www.mandriva.com/security/advisories?name=MDVSA-2011:071
USN-1110-1 http://www.ubuntu.com/usn/USN-1110-1
[oss-security] 20110308 KDE SSL name check issue http://openwall.com/lists/oss-security/2011/03/08/13
[oss-security] 20110308 Re: KDE SSL name check issue http://openwall.com/lists/oss-security/2011/03/08/20
https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7
kdelibs-ssl-security-bypass(65986) https://exchange.xforce.ibmcloud.com/vulnerabilities/65986

Common Vulnerability Exposure (CVE) ID: CVE-2011-1168
1025322 http://securitytracker.com/id?1025322
20110411 Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517432/100/0/threaded
20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror http://www.securityfocus.com/archive/1/517433/100/0/threaded
44065 http://secunia.com/advisories/44065
47304 http://www.securityfocus.com/bid/47304
8208 http://securityreason.com/securityalert/8208
ADV-2011-0927 http://www.vupen.com/english/advisories/2011/0927
ADV-2011-0928 http://www.vupen.com/english/advisories/2011/0928
MDVSA-2011:075 http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
SSA:2011-101-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.kde.org/info/security/advisory-20110411-1.txt
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
https://bugzilla.redhat.com/show_bug.cgi?id=695398
konqueror-khtmlparthtmlerror-xss(66697) https://exchange.xforce.ibmcloud.com/vulnerabilities/66697 |
Copyright | Copyright (C) 2012 Greenbone AG |