Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

rPSA-2007-0066-1 kdelibs qt-x11-free

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Wed, 04 Apr 2007 04:27:05 -0400
rPath Security Advisory: 2007-0066-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Information Exposure
Updated Versions:
    kdelibs=/conary.rpath.com@rpl:devel//1/3.4.2-5.14-1
    qt-x11-free=/conary.rpath.com@rpl:devel//1/3.3.4-5.8-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
    https://issues.rpath.com/browse/RPL-1201
    https://issues.rpath.com/browse/RPL-1202

Description:
    Previous versions of the kdelibs and qt-x11-free packages are vulnerable
    to two attacks.  The first is a Cross-Site Scripting (XSS) attack
    against the Konquerer web browser; the second is a potential information
    leak in which a malicious passive FTP server could possibly discover
    which network ports are open on client systems when the FTP connection
    is done via the KDE FTP ioslave.
Previous By Date Next
Previous By Thread Next

Current thread: