Gentoo Archives: gentoo-announce

From: Dan Armak <danarmak@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: kdelibs
Date: Wed, 11 Sep 2002 03:12:27
Message-Id: 200209111113.43823.danarmak@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- ---------------------------------------------------------------------

PACKAGE :kdelibs
SUMMARY :integer overflow
DATE :2002-09-11 09:00 GMT

- ---------------------------------------------------------------------

OVERVIEW

Konqueror's cross site scripting protection fails to initialize the domains on
sub-(i)frames correctly. As a result, JavaScript can access any foreign
subframe which is defined in the HTML source.

DETAIL

Users of Konqueror and other KDE software that uses the KHTML rendering engine
may fall victim to cookie stealing and other cross site scripting attacks.

Versions affected:
kdelibs 2.2.2 and earlier (kdelibs-2.2.2a has the fix)
kdelibs 3.0.3 and earlier (kdelibs-3.0.3a has the fix)

More information can be found at:
http://www.kde.org/info/security/advisory-20020908-2.txt
http://online.securityfocus.com/archive/1/290832/2002-09-03/2002-09-09/2

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdelibs-3.0.3 and earlier update their systems as follows:

emerge rsync
# if kdelibs-3.x is installed:
emerge kdelibs
# if kdelibs-2.x is also installed:
emerge =kdelibs-2*
emerge clean

- ---------------------------------------------------------------------
danarmak@g.o
- ---------------------------------------------------------------------

- --
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9fvs3UI2RQ41fiVERArSyAJ9BaBZPEBXO7xdrw0x4WV4XeZhQYgCbBbdV
qEh51H9sfouYtLgbMmzsrzE=
=AmNX
-----END PGP SIGNATURE-----