Bug 74739 - Vulnerabilities in KDE
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kdelibs
i386 Linux
medium Severity medium
Assigned To: wdovlrrw
Reported: 2002-10-01 06:42 EDT by Mark J. Cox (Product Security)
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Last Closed: 2002-10-01 06:43:04 EDT
Description Mark J. Cox (Product Security) 2002-10-01 06:42:58 EDT
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify
the Basic Constraints for an intermediate CA-signed certificate, which
allows remote attackers to spoof the certificates of trusted sites via a
man-in-the-middle attack (CAN-2002-0970).

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames and
sub-iframes, which can allow remote attackers to execute script and steal
cookies from subframes that are in other domains. (CAN-2002-1151)

Red Hat Advanced Server 2.1 provides KDE version 2.2.2 and is therefore
vulnerable to both these issues.
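
The Basic Constraints check described in the first item, as an added example that is not part of the original report or of kdelibs: a simplified C++ model in which the `Cert` struct, `checkChain`, and every name in the sample chains are hypothetical, and signatures and validity dates are assumed to be verified elsewhere. It also enforces the path length constraint, which the report does not mention.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>
// Simplified model of the fields the check needs (no real X.509 parsing).
struct Cert {
    std::string subject, issuer;
    bool hasBasicConstraints;  // basicConstraints extension present?
    bool isCA;                 // basicConstraints cA flag
    int pathLen;               // pathLenConstraint, -1 when absent
};
enum class Result { Ok, BrokenChain, UntrustedRoot, NotACA, PathLenExceeded };

// chain[0] is the site certificate; each later entry issued the one before it.
// Assumption: signatures and validity dates are verified elsewhere.
Result checkChain(const std::vector<Cert>& chain, const std::string& trustedRoot) {
    if (chain.empty()) return Result::BrokenChain;
    for (std::size_t i = 1; i < chain.size(); ++i) {
        const Cert& issuer = chain[i];
        if (chain[i - 1].issuer != issuer.subject) return Result::BrokenChain;
        // An issuer must carry basicConstraints with the cA flag set.
        if (!issuer.hasBasicConstraints || !issuer.isCA) return Result::NotACA;
        // i - 1 intermediates sit between this issuer and the site certificate.
        if (issuer.pathLen >= 0 && static_cast<int>(i - 1) > issuer.pathLen)
            return Result::PathLenExceeded;
    }
    if (chain.back().issuer != trustedRoot) return Result::UntrustedRoot;
    return Result::Ok;
}

// Constructed sample chains with hypothetical names.
std::vector<Cert> goodChain() {
    return {{"www.site.example", "Example Intermediate CA", true, false, -1},
            {"Example Intermediate CA", "Example Root CA", true, true, 0},
            {"Example Root CA", "Example Root CA", true, true, -1}};
}
// Same shape, but the middle certificate is not marked as a CA.
std::vector<Cert> nonCaIssuerChain() {
    return {{"www.site.example", "www.other.example", true, false, -1},
            {"www.other.example", "Example Root CA", false, false, -1},
            {"Example Root CA", "Example Root CA", true, true, -1}};
}

int main() {
    bool ok = checkChain(goodChain(), "Example Root CA") == Result::Ok &&
              checkChain(nonCaIssuerChain(), "Example Root CA") == Result::NotACA;
    std::printf("%s\n", ok ? "checks behave as expected" : "unexpected result");
    return ok ? 0 : 1;
}
```

A validator that omits the `NotACA` branch accepts the second chain, because every issuer/subject link in it still lines up.
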
Comment 1 Ngo Than 2002-10-10 06:48:28 EDT
It's fixed in kdelibs-2.2.2-3, which is still waiting for QA.
