Bug 743054 (CVE-2011-3365)
Summary: | CVE-2011-3365 kdelibs: input validation failure in KSSL | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | fedora, jreznik, kevin, ltinkl, mjc, rdieter, rnovacek, ry, smparrish, than | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-08-08 15:49:52 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 743056, 743074, 743515, 743516, 746150, 746157, 746158, 746160, 746161, 833920 | ||||||||
Bug Blocks: | 743057 | ||||||||
Attachments: |
|
Description
Vincent Danen
2011-10-03 17:45:44 UTC
Created rekonq tracking bugs for this issue Affects: fedora-all [bug 743055] Created kdelibs tracking bugs for this issue Affects: fedora-all [bug 743056] According to bug #743074, it looks as though KDE3 may be affected by this as well. This issue affects the version of kdelibs as shipped with Red Hat Enterprise Linux 6. Created attachment 526185 [details]
kdelibs patch
Created attachment 526187 [details]
kio patch
Since there are two issues here, affecting different products, this bug is being split into two parts. This bug will be used for CVE-2011-3365: kssl/kdelibs input validation failure The rekonq flaw (CVE-2011-3366) is tracked via: https://bugzilla.redhat.com/show_bug.cgi?id=743194 This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1364 https://rhn.redhat.com/errata/RHSA-2011-1364.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:1385 https://rhn.redhat.com/errata/RHSA-2011-1385.html kdelibs-4.6.5-6.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. kdelibs-4.6.5-6.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. confirmed this patch is already present and applied to rekonq-0.9.2-1 builds present already in f16 and f17 |