MandrivaUsers.org > Security Advisory (MDKSA-2003:079): kdelibs

Full Version: Security Advisory (MDKSA-2003:079): kdelibs

MandrivaUsers.org > Announcements > Mandriva Security Advisories

aru

Jul 31 2003, 03:41 PM

MandrakeSoft Security Advisory MDKSA-2003:079 : kdelibs

July 31st, 2003
Updated kdelibs packages fix konqueror authentication leak

A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/.

The provided packages have a patch that corrects this issue.

The released versions of Mandrake GNU/Linux affected are:[list] 9.0

[*] 9.1

[*] Corporate Server 2.1 [list]
Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:079

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0459
http://www.kde.org/info/security/advisory-...-20030729-1.txt

[size=9]Posted automatically by aru (mdksec2mub v0.0.6)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.