Moderate: Red Hat Security Advisory: kdelibs, kdebase security update

Updated kdelib and kdebase packages that resolve multiple security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Andrew Tuitt reported that versions of KDE up to and...

CVE-2004-0746

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session...

kdelibs -- konqueror cross-domain cookie injection

According to a KDE Security Advisory: WESTPOINT internet reconnaissance services alerted the KDE security team that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. Web sites operating under the affected domains can set HTTP...

Mandrake Linux Security Advisory : kdelibs/kdebase (MDKSA-2004:086)

A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE are not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly...