Gentoo Security Advisory GLSA 200501-16 (Konqueror, Kde, Kdelibs) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-16.

Solution

All kdelibs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose kde-base/kdelibs http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-16 http://bugs.gentoo.org/show_bug.cgi?id=72750 http://www.kde.org/info/security/advisory-20041220-1.txt

Insight

The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

Severity

Classification

CVE CVE-2004-1145
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-10 (gv)
Gentoo Security Advisory GLSA 200405-06 (libpng)
Gentoo Security Advisory GLSA 200502-16 (htdig)
Gentoo Security Advisory GLSA 200407-03 (Apache)
Gentoo Security Advisory GLSA 200501-42 (VDR)

Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)

Take action and discover your vulnerabilities