aru Posted July 31, 2003 Report Share Posted July 31, 2003 MandrakeSoft Security Advisory MDKSA-2003:079 : kdelibs July 31st, 2003 Updated kdelibs packages fix konqueror authentication leak A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The provided packages have a patch that corrects this issue. The released versions of Mandrake GNU/Linux affected are: 9.0 [*] 9.1 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:079 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0459 http://www.kde.org/info/security/advisory-...-20030729-1.txt Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts