-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:031 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs Date : February 2, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: FIXME Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm 01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm 1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm 051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm 6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm Corporate 3.0: 6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm 733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm Corporate 3.0/X86_64: 418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm 590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm Corporate 4.0: 2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm 826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm 88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc 7PYBsjk/ZTsogFdYFeWPWdc= =r0d9 -----END PGP SIGNATURE-----
