Test ID:1.3.6.1.4.1.25623.1.0.870612
Category:Red Hat Local Security Checks
Title:RedHat Update for kdelibs RHSA-2011:0464-01
Summary:The remote host is missing an update for the 'kdelibs' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML
layout engine used by KDE applications such as the Konqueror web browser,
displayed certain error pages. A remote attacker could use this flaw to
perform a cross-site scripting attack against victims by tricking them into
visiting a specially-crafted URL. (CVE-2011-1168)
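The advisory only says that KHTML reflected attacker-controlled data into an error page. The Python example below is added here to illustrate that class of bug; it is not KHTML code and does not reproduce the actual Konqueror defect. It builds a "could not load page" document from a requested URL twice, once with the URL copied in verbatim and once HTML-escaped, then parses both with the standard-library HTML parser to show whether the injected `<script>` becomes a real element. The URLs and the error text are constructed test data.

```python
import html
from html.parser import HTMLParser

# Constructed inputs: a benign URL and one carrying an inline script payload.
BENIGN_URL = "http://example.invalid/page"
CRAFTED_URL = "http://example.invalid/<script>alert(document.cookie)</script>"
REASON = "connection refused"


def error_page_unescaped(url, reason):
    """Vulnerable pattern: untrusted URL and message are interpolated as raw markup."""
    return (
        "<html><body><h1>Could not load page</h1>"
        "<p>The requested URL " + url + " could not be loaded: " + reason + "</p>"
        "</body></html>"
    )


def error_page_escaped(url, reason):
    """Hardened pattern: every untrusted value is HTML-escaped at the point of output."""
    return (
        "<html><body><h1>Could not load page</h1>"
        "<p>The requested URL " + html.escape(url, quote=True)
        + " could not be loaded: " + html.escape(reason, quote=True) + "</p>"
        "</body></html>"
    )


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, so we can count live <script> elements."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def script_elements_in(page):
    """Number of <script> start tags a browser-like parser would create from `page`."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags.count("script")


if __name__ == "__main__":
    for build in (error_page_unescaped, error_page_escaped):
        page = build(CRAFTED_URL, REASON)
        print(build.__name__, "->", script_elements_in(page), "script element(s)")
```

The test of interest is not whether the payload string survives in the output (in the escaped page it does, as visible text) but whether it becomes markup: the parser yields one `script` element for the unescaped page and none for the escaped one.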

A flaw was found in the way kdelibs checked the user-specified hostname
against the name in the server's SSL certificate. A man-in-the-middle
attacker could use this flaw to trick an application using kdelibs into
accepting a certificate as if it were valid for the host, provided that
certificate had been issued for an IP address to which the user-specified
hostname resolved. (CVE-2011-1094)

Note: As part of the fix for CVE-2011-1094, this update also introduces
stricter handling for wildcards used in servers' SSL certificates.
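The two preceding paragraphs describe a hostname-verification weakness and a tightening of wildcard handling. The Python example below is added to show both, side by side; it is not kdelibs code and does not claim to reproduce the exact logic that was patched. `matches_host_weak` accepts a certificate if any subjectAltName equals the hostname, matches it with a glob-style wildcard (`*` spanning dots), or equals the address the hostname resolves to. `matches_host_strict` matches an IP literal only against iPAddress entries, a DNS name only against dNSName entries, and allows `*` only as the entire leftmost label of a pattern with at least two further labels, matching exactly one label. The `RESOLVER` table, the `resolve` helper and the SAN lists are constructed stand-ins for DNS and for an X.509 certificate; no network access is made.

```python
import fnmatch
import ipaddress

# Constructed resolver table standing in for DNS (hypothetical; no lookups are performed).
RESOLVER = {"www.example.test": "192.0.2.10"}


def resolve(hostname):
    """Hypothetical stand-in for gethostbyname(); returns None for unknown names."""
    return RESOLVER.get(hostname.lower().rstrip("."))


# Constructed certificate subjectAltName entries as (type, value) pairs.
CERT_FOR_IP_ONLY = [("IP", "192.0.2.10")]
CERT_WITH_WILDCARD = [("DNS", "*.example.test")]
CERT_BAD_WILDCARDS = [("DNS", "*example.test"), ("DNS", "*.*.test"), ("DNS", "*")]


def matches_host_weak(hostname, san):
    """Weak check (the CVE-2011-1094 class of bug): a cert for the resolved IP is
    accepted for the name, and '*' is treated as a glob that crosses label boundaries."""
    host = hostname.lower().rstrip(".")
    resolved = resolve(host)
    for kind, value in san:
        if kind == "DNS" and fnmatch.fnmatchcase(host, value.lower()):
            return True
        if kind == "IP" and resolved is not None and value == resolved:
            return True
    return False


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _dns_name_matches(pattern, hostname):
    """Strict dNSName match: case-insensitive, '*' only as the whole leftmost label,
    at least two labels after it, and covering exactly one hostname label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def matches_host_strict(hostname, san):
    """Strict check: never consult DNS; IP literals only match iPAddress SANs and
    DNS names only match dNSName SANs under the restricted wildcard rules above."""
    if _is_ip_literal(hostname):
        wanted = ipaddress.ip_address(hostname.strip("[]"))
        return any(kind == "IP" and ipaddress.ip_address(value) == wanted
                   for kind, value in san)
    return any(kind == "DNS" and _dns_name_matches(value, hostname)
               for kind, value in san)


if __name__ == "__main__":
    cases = [
        ("www.example.test", CERT_FOR_IP_ONLY),
        ("192.0.2.10", CERT_FOR_IP_ONLY),
        ("www.example.test", CERT_WITH_WILDCARD),
        ("a.b.example.test", CERT_WITH_WILDCARD),
        ("www.example.test", CERT_BAD_WILDCARDS),
    ]
    for host, san in cases:
        print(host, san, "weak:", matches_host_weak(host, san),
              "strict:", matches_host_strict(host, san))
```

The first case is the advisory's scenario: an attacker who can steer resolution of `www.example.test` to an address for which they hold a certificate passes the weak check and fails the strict one. The remaining cases show the wildcard tightening: `*.example.test` covers `www.example.test` but not `a.b.example.test`, and patterns such as `*example.test`, `*.*.test` or a bare `*` are rejected outright.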

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

Affected Software/OS:
kdelibs on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1094
BugTraq ID: 46789
http://www.securityfocus.com/bid/46789
http://www.mandriva.com/security/advisories?name=MDVSA-2011:071
http://openwall.com/lists/oss-security/2011/03/08/13
http://openwall.com/lists/oss-security/2011/03/08/20
http://secunia.com/advisories/44108
http://www.ubuntu.com/usn/USN-1110-1
http://www.vupen.com/english/advisories/2011/0913
http://www.vupen.com/english/advisories/2011/0990
XForce ISS Database: kdelibs-ssl-security-bypass(65986)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65986
Common Vulnerability Exposure (CVE) ID: CVE-2011-1168
BugTraq ID: 47304
http://www.securityfocus.com/bid/47304
Bugtraq: 20110411 Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517432/100/0/threaded
Bugtraq: 20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror
http://www.securityfocus.com/archive/1/517433/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
http://securitytracker.com/id?1025322
http://secunia.com/advisories/44065
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
http://securityreason.com/securityalert/8208
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0927
http://www.vupen.com/english/advisories/2011/0928
XForce ISS Database: konqueror-khtmlparthtmlerror-xss(66697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
Copyright:Copyright (c) 2012 Greenbone Networks GmbH
© 1998-2021 E-Soft Inc. All rights reserved.