The KDE Project released two security advisories today.
The first advisory is about a vulnerability in the handling of secure cookies, which has already been fixed in the KDE 3.0.3 release. The second vulnerability, discovered last week on Bugtraq, relates to the cross-site scripting protection in Konqueror. A patch and an updated kdelibs package were released today to fix both problems. The KDE 3.0.3 Info page was updated as well. It is recommended to upgrade immediately.
Comments:
Patch for KDE 3.0 for Cross Scripting Vulnerability - Eli Wapniarski - 2002-09-11
Will there be a patch for the Cross Scripting Vulnerability for versions other than 2.2.2 or 3.0.3, i.e. 3.0?
Thanks
Re: Patch for KDE 3.0 for Cross Scripting Vulnerability - Eli Wapniarski - 2002-09-11
Oh... By the way... Thanks for providing the patch for the Secure Cookie Vulnerability. It made my life a whole lot easier.
Re: Patch for KDE 3.0 for Cross Scripting Vulnerability - Anonymous - 2002-09-11
Did you check that the 3.0.3 patch doesn't apply to 3.0?
Re: Patch for KDE 3.0 for Cross Scripting Vulnerability - Richard Moore - 2002-09-11
It isn't needed; the bug was introduced between 3.0.2 and 3.0.3, IIRC.
Rich.
Re: Patch for KDE 3.0 for Cross Scripting Vulnerability - Anonymous - 2002-09-11
Did anyone read the advisory? It reads "Systems affected: KDE 3.0 - 3.0.3".
Debian packages - Daniel Stone - 2002-09-11
Debian 3.0.3a packages have been uploaded to ktown and should hit mirrors shortly; a 2.2.2 DSA for stable (woody) has been sent to the security team, and a 2.2.2 upload for unstable (sid) will be made within a couple of hours.
Re: Debian packages - Daniel Stone - 2002-09-13
3.0.3a has hit the mirrors, and the 2.2.2 unstable upload has hit sid; the 2.2.2 woody DSA is still building on all the architectures (including m68k, arm, etc). Have at it.
Compiling - David - 2002-09-11
Must one recompile everything after installing a new kdelibs?
Re: Compiling - Rex Dieter - 2002-09-11
> Must one recompile everything after installing a new kdelibs?
I seriously doubt it (unless you've linked things statically...)
-- Rex
Re: Compiling - Me - 2002-09-12
Definitively no.
MSIE & Konqueror same exploit - Esteban Maringolo - 2002-09-18
Does anybody know why, when a security bug appears in MS Internet Explorer, the same problem soon emerges in Konqueror?
I mean SSL Certificates, and now Cross Site Scripting.
Is it just coincidence?
It seems as if both were based on the same code or something alike.