| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.69436 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2011:0464 |
| Summary: | Redhat Security Advisory RHSA-2011:0464 |
| Description: | The remote host is missing updates announced in advisory RHSA-2011:0464. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML layout engine used by KDE applications such as the Konqueror web browser, displayed certain error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted URL. (CVE-2011-1168) A flaw was found in the way kdelibs checked the user specified hostname against the name in the server's SSL certificate. A man-in-the-middle attacker could use this flaw to trick an application using kdelibs into mistakenly accepting a certificate as if it was valid for the host, if that certificate was issued for an IP address to which the user specified hostname was resolved to. (CVE-2011-1094) Note: As part of the fix for CVE-2011-1094, this update also introduces stricter handling for wildcards used in servers' SSL certificates. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0464.html Risk factor : Medium |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1094 http://openwall.com/lists/oss-security/2011/03/08/13 http://openwall.com/lists/oss-security/2011/03/08/20 http://www.mandriva.com/security/advisories?name=MDVSA-2011:071 http://www.ubuntu.com/usn/USN-1110-1 BugTraq ID: 46789 http://www.securityfocus.com/bid/46789 http://secunia.com/advisories/44108 http://www.vupen.com/english/advisories/2011/0913 http://www.vupen.com/english/advisories/2011/0990 XForce ISS Database: kdelibs-ssl-security-bypass(65986) http://xforce.iss.net/xforce/xfdb/65986 Common Vulnerability Exposure (CVE) ID: CVE-2011-1168 Bugtraq: 20110411 Medium severity flaw in Konqueror (Google Search) http://www.securityfocus.com/archive/1/archive/1/517432/100/0/threaded Bugtraq: 20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror (Google Search) http://www.securityfocus.com/archive/1/archive/1/517433/100/0/threaded http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc http://www.mandriva.com/security/advisories?name=MDVSA-2011:075 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727 BugTraq ID: 47304 http://www.securityfocus.com/bid/47304 http://securitytracker.com/id?1025322 http://secunia.com/advisories/44065 http://securityreason.com/securityalert/8208 http://www.vupen.com/english/advisories/2011/0927 http://www.vupen.com/english/advisories/2011/0928 XForce ISS Database: konqueror-khtmlparthtmlerror-xss(66697) http://xforce.iss.net/xforce/xfdb/66697 |
| Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.