Gentoo Security Advisory GLSA 200501-16 (Konqueror, Kde, Kdelibs) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-16.

Solution

All kdelibs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose kde-base/kdelibs http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-16 http://bugs.gentoo.org/show_bug.cgi?id=72750 http://www.kde.org/info/security/advisory-20041220-1.txt

Insight

The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

Severity

Classification

CVE CVE-2004-1145

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200402-05 (phpmyadmin)
Gentoo Security Advisory GLSA 200407-12 (Kernel)
Gentoo Security Advisory GLSA 200405-18 (firebird)
Gentoo Security Advisory GLSA 200403-10 (fetchmail)
Gentoo Security Advisory GLSA 200410-15 (squid)

Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)

Take action and discover your vulnerabilities