dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Slackware Linux Advisory: KDE

Aug 02, 2003, 11:24 (0 Talkback[s])

[slackware-security] KDE packages updated (SSA:2003-213-01)

New KDE packages are available for Slackware 9.0. These address a security issue where Konqueror may leak authentication credentials.

Here are the details from the Slackware 9.0 ChangeLog:


Fri Aug 1 15:15:51 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.3.
Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL of the form:
http://user:password@host/
For more information about this issue, please see the KDE advisory:
http://www.kde.org/info/security/advisory-20030729-1.txt
We recommend that sites running KDE install this update.
(* Security fix *)
patches/packages/kdei/*: New internationalization packages for KDE 3.1.3.

WHERE TO FIND THE NEW PACKAGES:

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/*.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kdei/*.tgz

These packages are signed with our GPG key: http://slackware.com/gpg-key

INSTALLATION INSTRUCTIONS:

Upgrade using upgradepkg (as root):
upgradepkg *.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com