-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- ---------------------------------------------------------------------

PACKAGE :kdelibs
SUMMARY :integer overflow
DATE :2002-09-11 09:00 GMT

- ---------------------------------------------------------------------

OVERVIEW

Konqueror's cross site scripting protection fails to initialize the domains on
sub-(i)frames correctly. As a result, Javascript can access any foreign
subframe which is defined in the HTML source.

DETAIL

Users of Konqueror and other KDE software that uses the KHTML rendering engine
may fall victim to cookie stealing and other cross site scripting attacks.

Versions affected:
kdelibs 2.2.2 and earlier (kdelibs-2.2.2a has the fix)
kdelibs 3.0.3 and earlier (kdelibs-3.0.3a has the fix)

More information can be found at:
http://www.kde.org/info/security/advisory-20020908-2.txt
http://online.securityfocus.com/archive/1/290832/2002-09-03/2002-09-09/2

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdelibs-3.0.3 and earlier update their systems as follows:

emerge rsync
# if kdelibs-3.x is installed:
emerge kdelibs
# if kdelibs-2.x is also installed:
emerge =kdelibs-2*
emerge clean

- ---------------------------------------------------------------------
danarmak@g.o
- ---------------------------------------------------------------------

- --
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9fvs3UI2RQ41fiVERArSyAJ9BaBZPEBXO7xdrw0x4WV4XeZhQYgCbBbdV
qEh51H9sfouYtLgbMmzsrzE=
=AmNX
-----END PGP SIGNATURE-----
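
Added example, not part of the advisory: a POSIX shell check that classifies an installed kdelibs version against the fixed releases named under "Versions affected" (2.2.2a and 3.0.3a). The function names are hypothetical, the sample versions are constructed, and it assumes that anything newer than a branch's fixed release also carries the fix.

```shell
#!/bin/sh
# Added example (not part of the advisory): classify a kdelibs version.
# Fixed releases named in the advisory: 2.2.2a (2.x) and 3.0.3a (3.x).

# Turn "3.0.3a" or "3.0.3a-r1" into a sortable key such as "003000003a".
# Assumption: versions look like MAJOR[.MINOR[.PATCH]][letter][-rN].
version_key() {
    v=${1%%-r[0-9]*}                 # drop a Gentoo revision suffix
    letter=$(printf '%s' "$v" | sed -n 's/^[0-9.]*\([a-z]\)$/\1/p')
    nums=${v%[a-z]}                  # numeric part without the letter
    old_ifs=$IFS; IFS=.
    set -- $nums                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    printf '%03d%03d%03d%s\n' "${1:-0}" "${2:-0}" "${3:-0}" "$letter"
}

# Succeeds when version $1 sorts strictly before version $2.
version_lt() {
    a=$(version_key "$1"); b=$(version_key "$2")
    [ "$a" != "$b" ] &&
        [ "$(printf '%s\n%s\n' "$a" "$b" | LC_ALL=C sort | head -n 1)" = "$a" ]
}

# Prints "affected" or "fixed" for one installed kdelibs version.
# Assumption: anything newer than a branch's fixed release carries the fix.
kdelibs_status() {
    case $1 in
        [012].*) fixed=2.2.2a ;;     # "2.2.2 and earlier"
        *)       fixed=3.0.3a ;;     # "3.0.3 and earlier"
    esac
    if version_lt "$1" "$fixed"; then echo affected; else echo fixed; fi
}

# Constructed sample versions, for illustration only.
for ver in 2.2.2 2.2.2a 3.0.2 3.0.3 3.0.3a-r1; do
    printf '%-10s %s\n' "$ver" "$(kdelibs_status "$ver")"
done
```

On a Gentoo host the version strings can be taken from the kde-base/kdelibs-* directory names under /var/db/pkg, the usual Portage installed-package database.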