Oval Definition: oval:com.redhat.rhsa:def:20070909
Revision Date: 2008-03-20
Version: 638
Title: RHSA-2007:0909: kdelibs security update (Moderate)
Description: The kdelibs package provides libraries for the K Desktop Environment (KDE).

  • Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

  • A flaw was found in the KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

  • A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564)

  • Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.

Family: unix
Class: patch
Status:
Reference(s): CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224, RHSA-2007:0909, RHSA-2007:0909-02
Platform(s): Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 4 is installed
      • AND
          • kdelibs is earlier than 6:3.3.1-9.el4
          • AND kdelibs is signed with Red Hat redhatrelease2 key
          • kdelibs-devel is earlier than 6:3.3.1-9.el4
          • AND kdelibs-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
      • Red Hat Enterprise Linux 5 is installed
      • AND
          • kdelibs is earlier than 6:3.5.4-13.el5
          • AND kdelibs is signed with Red Hat redhatrelease2 key
          • kdelibs-apidocs is earlier than 6:3.5.4-13.el5
          • AND kdelibs-apidocs is signed with Red Hat redhatrelease2 key
          • kdelibs-devel is earlier than 6:3.5.4-13.el5
          • AND kdelibs-devel is signed with Red Hat redhatrelease2 key