[slackware-security] KDE packages updated (SSA:2003-213-01)
New KDE packages are available for Slackware 9.0. These address
a security issue where Konqueror may leak authentication
credentials.
Here are the details from the Slackware 9.0 ChangeLog:
Fri Aug 1 15:15:51 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.3.
Note that this update addresses a security problem in Konqueror
which may cause authentication credentials to be leaked to an
unintended website through the HTTP-referer header when they have
been entered into Konqueror as a URL of the form:
http://user:password@host/
For more information about this issue, please see the KDE
advisory:
http://www.kde.org/info/security/advisory-20030729-1.txt
We recommend that sites running KDE install this update.
(* Security fix *)
patches/packages/kdei/*: New internationalization packages for KDE
3.1.3.
WHERE TO FIND THE NEW PACKAGES:
Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/*.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kdei/*.tgz
These packages are signed with our GPG key: http://slackware.com/gpg-key
INSTALLATION INSTRUCTIONS:
Upgrade using upgradepkg (as root):
upgradepkg *.tgz
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]