(RHSA-2007:0905) Moderate: kdebase security update

2007-10-08T04:00:00
ID RHSA-2007:0905
Type redhat
Reporter RedHat
Modified 2017-09-08T11:50:57

Description

The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager.

These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and "shutdown with password" were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.