KDE 4 vulnerabilities

2009-12-11T00:00:00
ID USN-871-2
Type ubuntu
Reporter Ubuntu
Modified 2009-12-11T00:00:00

Description

USN-871-1 fixed vulnerabilities in KDE. This update provides the
corresponding updates for KDE 4.

This update also fixes a directory traversal flaw in KDE when processing
help:// URLs. This issue only affected Ubuntu 8.10.

Original advisory details:

It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.