rPSA-2007-0066-1 kdelibs qt-x11-free
rPath Update Announcements
announce-noreply at rpath.com
Wed Apr 4 04:27:05 EDT 2007
rPath Security Advisory: 2007-0066-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Information Exposure
Updated Versions:
kdelibs=/conary.rpath.com@rpl:devel//1/3.4.2-5.14-1
qt-x11-free=/conary.rpath.com@rpl:devel//1/3.3.4-5.8-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
https://issues.rpath.com/browse/RPL-1201
https://issues.rpath.com/browse/RPL-1202
Description:
Previous versions of the kdelibs and qt-x11-free packages are vulnerable
to two attacks. The first is a Cross-Site Scripting (XSS) attack
against the Konqueror web browser; the second is a potential information
leak in which a malicious passive FTP server could possibly discover
which network ports are open on client systems when the FTP connection
is done via the KDE FTP ioslave.