Ubuntu Update For Kde4libs USN-1248-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1248-1

Solution

Please Install the Updated Packages.

Insight

Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365) It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL.

Affected

kde4libs on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-October/001467.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3365
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for colord USN-1289-1
Ubuntu Update for avahi vulnerabilities USN-696-1
Ubuntu Update for bind9 vulnerability USN-491-1
Ubuntu Update for clamav USN-1482-3
Ubuntu Update for cmake vulnerabilities USN-890-6

Ubuntu Update for kde4libs USN-1248-1

Take action and discover your vulnerabilities