Advisories

Mandriva Advisories

Package name	kdelibs
Date	July 31st, 2003
Advisory ID	MDKSA-2003:079
Affected versions	9.0, 9.1, CS2.1
Synopsis	Updated kdelibs packages fix konqueror authentication leak

Problem Description

A vulnerability in Konqueror was discovered where it could
inadvertently send authentication credentials to websites other than
the intended site in clear text via the HTTP-referer header when
authentication credentials are passed as part of a URL in the form
http://user:password@host/.

The provided packages have a patch that corrects this issue.

Updated Packages

Mandrakelinux 9.0

 b8bc8c31085b3953081b68e84563eafb  9.0/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc  9.0/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5  9.0/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm

Mandrakelinux 9.1

 407505c85c575715048509488bcf9137  9.1/RPMS/kdelibs-3.1-58.2mdk.i586.rpm
52921509997a7688377a6000d00711b7  9.1/RPMS/kdelibs-common-3.1-58.2mdk.i586.rpm
3ab334a2170fe9bd8fc035327d0ff178  9.1/RPMS/kdelibs-devel-3.1-58.2mdk.i586.rpm
7c5f0501a362ac2c89e3ea8ef882990a  9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.i586.rpm
ee3757404d902cfe682f0da6e7fbebd0  9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm

Mandrakelinux 9.1/PPC

 e7092f9cf6c55fc0a7008e04e01e6d2c  ppc/9.1/RPMS/kdelibs-3.1-58.2mdk.ppc.rpm
3db061e6d33b8f6c52450d81bfdd8350  ppc/9.1/RPMS/kdelibs-common-3.1-58.2mdk.ppc.rpm
310c9f897ec102364c4c3cdcd316489e  ppc/9.1/RPMS/kdelibs-devel-3.1-58.2mdk.ppc.rpm
759658ab119a0f16ea1d159e2e5a1f04  ppc/9.1/RPMS/kdelibs-static-devel-3.1-58.2mdk.ppc.rpm
ee3757404d902cfe682f0da6e7fbebd0  ppc/9.1/SRPMS/kdelibs-3.1-58.2mdk.src.rpm

Corporate Server 2.1

 b8bc8c31085b3953081b68e84563eafb  corporate/2.1/RPMS/kdelibs-3.0.5a-1.3mdk.i586.rpm
2c202cd237dd49f4f722c5566bd987cc  corporate/2.1/RPMS/kdelibs-devel-3.0.5a-1.3mdk.i586.rpm
fbdd8d3ee582d77450254a7e20c5edf5  corporate/2.1/SRPMS/kdelibs-3.0.5a-1.3mdk.src.rpm

Corporate Server 2.1/X86_64

 a57625bd5ba6e06c4bbd6c0a9a31338e  x86_64/corporate/2.1/RPMS/kdelibs-3.0.5-2.1mdk.x86_64.rpm
05c01ebdeed267aa9a45201880907fb9  x86_64/corporate/2.1/RPMS/kdelibs-devel-3.0.5-2.1mdk.x86_64.rpm
72279bba0e9901ddd8d17d7db35998ef  x86_64/corporate/2.1/SRPMS/kdelibs-3.0.5-2.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459
http://www.kde.org/info/security/advisory-20030729-1.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer