CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The kdelibs and kdelibs3 packages are vulnerable to spoofing of the common name of a certificate. An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user and possibly tricking them into accepting the certificate as valid.
www.kde.org/info/security/advisory-20111003-1.txt
www.mandriva.com/security/advisories?name=MDVSA-2011:162
www.redhat.com/support/errata/RHSA-2011-1364.html
www.redhat.com/support/errata/RHSA-2011-1385.html
access.redhat.com/errata/RHSA-2011:1364
access.redhat.com/errata/RHSA-2011:1385
access.redhat.com/security/cve/CVE-2011-3365
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=743054