Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-361-2:AB145
HistoryAug 09, 2003 - 12:00 a.m.

[SECURITY] [DSA-361-2] New kdelibs-crypto packages fix multiple vulnerabilities

2003-08-0900:00:00
lists.debian.org
33

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA 361-2 [email protected]
http://www.debian.org/security/ Matt Zimmerman
August 9th, 2003 http://www.debian.org/security/faq

Package : kdelibs-crypto
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0459, CAN-2003-0370

Two vulnerabilities were discovered in kdelibs:

    • CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not
      remove authentication credentials from URLs of the
      "user:password@host" form in the HTTP-Referer header, which could
      allow remote web sites to steal the credentials for pages that link
      to the sites.
    • CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not
      validate the Common Name (CN) field for X.509 Certificates, which
      could allow remote attackers to spoof certificates via a
      man-in-the-middle attack.

These vulnerabilities are described in the following security
advisories from KDE:

http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.kde.org/info/security/advisory-20030602-1.txt

For the current stable distribution (woody) these problems have been
fixed in version 2.2.2-6woody2.

For the unstable distribution (sid) these problems have been fixed in
kdelibs version 4:3.1.3-1.

We recommend that you update your kdelibs-crypto package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.dsc
  Size/MD5 checksum:      717 8599af4329028f8665dabc117e72f76f
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.diff.gz
  Size/MD5 checksum:    27879 cb22e341dcb777db3b56965ba3cf6b9c
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz
  Size/MD5 checksum:   643622 5ef84fed86c7984f99f8e44e9d5a216a

Alpha architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_alpha.deb
  Size/MD5 checksum:   132246 23a0d03e1ac5203f225aa0b8dd195d72

ARM architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_arm.deb
  Size/MD5 checksum:   116806 3d31e16d92ad60db3b91f781dd3cdd5d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_i386.deb
  Size/MD5 checksum:   114728 1b922a19c47457e0e82528be473f3225

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_ia64.deb
  Size/MD5 checksum:   165350 7447f5fa12e93891322d0d9f74d96c8b

HP Precision architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_hppa.deb
  Size/MD5 checksum:   136022 37906155eecc5a343eb6a799dda29905

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_m68k.deb
  Size/MD5 checksum:   113360 39576c3be30cc7f85bb35382c7ffae50

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mips.deb
  Size/MD5 checksum:   100388 7bb05d18af371197dca7804cadb20843

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mipsel.deb
  Size/MD5 checksum:    99248 34b1cab5af6713de57d7a5fa045b0726

PowerPC architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_powerpc.deb
  Size/MD5 checksum:   114196 0c9ba9eacb57305e2f4444eff479b0fe

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_s390.deb
  Size/MD5 checksum:   115462 c19494bf3b9e3a3e0314f8094e2e6506

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_sparc.deb
  Size/MD5 checksum:   114624 c29f68f9f7feeff15eef588a57daf671

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3allkdelibs-crypto< 2.2.2-6woody2kdelibs-crypto_2.2.2-6woody2_all.deb

Related

openvas 3
osv 1
debian 1
nessus 4
redhat 2
cvelist 2
ubuntucve 2
cve 2
securityvulns 2
suse 6
cert 2
openvas
openvas
Debian Security Advisory DSA 361-1 (kdelibs)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-361)
2008-01-17 00:00:00
Slackware: Security Advisory (SSA:2003-213-01)
2012-09-11 00:00:00
osv
osv
kdelibs, kdelibs-crypto - several vulnerabilities
2003-08-01 00:00:00
debian
debian
[SECURITY] [DSA-361-1] New kdelibs packages fix several vulnerabilities
2003-08-01 00:00:00
nessus
nessus
Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities
2004-09-29 00:00:00
RHEL 2.1 : kdelibs (RHSA-2003:193)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)
2004-07-31 00:00:00
redhat
redhat
(RHSA-2003:193) kdelibs security update
2003-06-17 00:00:00
(RHSA-2003:236) kdelibs security update
2003-07-30 00:00:00
cvelist
cvelist
CVE-2003-0370
2003-06-05 04:00:00
CVE-2003-0459
2003-08-01 04:00:00
ubuntucve
ubuntucve
CVE-2003-0370
2003-06-16 00:00:00
CVE-2003-0459
2003-08-27 00:00:00
cve
cve
CVE-2003-0370
2003-06-16 04:00:00
CVE-2003-0459
2003-08-27 04:00:00
securityvulns
securityvulns
KDE Security Advisory: Konqueror Referrer Authentication Leak
2003-07-30 00:00:00
SUSE Security Announcement: hylafax &#40;SuSE-SA:2003:045&#41;
2003-11-13 00:00:00
suse
suse
cache poisoning/denial-of-service in bind8
2003-11-28 14:58:12
remote code execution in hylafax
2003-11-10 14:45:25
local privilege escalation in rsync
2003-12-04 17:18:15
cert
cert
ISC BIND 8 vulnerable to cache poisoning via negative responses
2003-12-01 00:00:00
Integer overflow vulnerability in rsync
2003-12-09 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-361-2:AB145
openvas3osv1debian1nessus4redhat2cvelist2ubuntucve2cve2securityvulns2suse6cert2