Related links:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/kdelibs-3.2.2-12.FC2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/kdelibs-3.3.1-2.6.FC3.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/kdelibs-3.3.1-2.6.FC3.i386.rpm
Original source:
Date Discovered: December 20, 2004
Date Published: March 1, 2005
Last Updated: March 1, 2005
The information below provides details about this vulnerability.
Threat Assessment
Impact: Medium
Popularity: Medium
Simplicity: Low
Risk: Medium
Vulnerability Description
Vulnerability ID: 32118
Discovered By: heise Security
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can bypass sandbox restrictions.
Root Cause: Software Vulnerability
KDE Konqueror contains multiple vulnerabilities that may allow remote attackers to bypass sandbox restrictions. The vulnerabilities are due to improper access restrictions to Java classes. Remote attackers can use JavaScript or a Java applet to bypass these restrictions and read or write to arbitrary files.
Recommendations
KDE advisory-20041220-1
Upgrade to KDE 3.3.2. Alternatively, apply the patch provided by the vendor:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-java.tar.bz2
Vendor advisory:
http://www.kde.org/info/security/advisory-20041220-1.txt
GLSA 200501-16
Upgrade to kde-base/kdelibs 3.3.2 or later from the vendor.
Vendor advisory:
GLSA 200501-16
Fedora konqueror patches
Fedora Core 2:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/SRPMS/kdelibs-3.2.2-12.FC2.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/kdelibs-3.2.2-12.FC2.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/kdelibs-devel-3.2.2-12.FC2.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_64/debug/kdelibs-debuginfo-3.2.2-12.FC2.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/kdelibs-3.2.2-12.FC2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/kdelibs-devel-3.2.2-12.FC2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/debug/kdelibs-debuginfo-3.2.2-12.FC2.i386.rpm
Fedora Core 3:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/kdelibs-3.3.1-2.6.FC3.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/kdelibs-3.3.1-2.6.FC3.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/kdelibs-devel-3.3.1-2.6.FC3.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/debug/kdelibs-debuginfo-3.3.1-2.6.FC3.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/x86_64/kdelibs-3.3.1-2.6.FC3.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/kdelibs-3.3.1-2.6.FC3.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/kdelibs-devel-3.3.1-2.6.FC3.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/debug/kdelibs-debuginfo-3.3.1-2.6.FC3.i386.rpm
MDKSA-2004:154
Mandrakelinux 10.0:
10.0/RPMS/kdelibs-common-3.2-36.7.100mdk.i586.rpm
10.0/RPMS/libkdecore4-3.2-36.7.100mdk.i586.rpm
10.0/RPMS/libkdecore4-devel-3.2-36.7.100mdk.i586.rpm
10.0/SRPMS/kdelibs-3.2-36.7.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
amd64/10.0/RPMS/kdelibs-common-3.2-36.7.100mdk.amd64.rpm
amd64/10.0/RPMS/lib64kdecore4-3.2-36.7.100mdk.amd64.rpm
amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.7.100mdk.amd64.rpm
amd64/10.0/SRPMS/kdelibs-3.2-36.7.100mdk.src.rpm
Mandrakelinux 10.1:
10.1/RPMS/kdelibs-common-3.2.3-99.1.101mdk.i586.rpm
10.1/RPMS/libkdecore4-3.2.3-99.1.101mdk.i586.rpm
10.1/RPMS/libkdecore4-devel-3.2.3-99.1.101mdk.i586.rpm
10.1/SRPMS/kdelibs-3.2.3-99.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
x86_64/10.1/RPMS/kdelibs-common-3.2.3-99.1.101mdk.x86_64.rpm
x86_64/10.1/RPMS/lib64kdecore4-3.2.3-99.1.101mdk.x86_64.rpm
x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-99.1.101mdk.x86_64.rpm
x86_64/10.1/SRPMS/kdelibs-3.2.3-99.1.101mdk.src.rpm
Vendor advisory:
MDKSA-2004:154
RHSA-2005:065-06
Red Hat Desktop (v. 4)
SRPMS:
kdelibs-3.3.1-3.3.src.rpm
IA-32:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-devel-3.3.1-3.3.i386.rpm
x86_64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.x86_64.rpm
kdelibs-devel-3.3.1-3.3.x86_64.rpm
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
kdelibs-3.3.1-3.3.src.rpm
IA-32:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-devel-3.3.1-3.3.i386.rpm
IA-64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.ia64.rpm
kdelibs-devel-3.3.1-3.3.ia64.rpm
PPC:
kdelibs-3.3.1-3.3.ppc.rpm
kdelibs-3.3.1-3.3.ppc64.rpm
kdelibs-devel-3.3.1-3.3.ppc.rpm
s390:
kdelibs-3.3.1-3.3.s390.rpm
kdelibs-devel-3.3.1-3.3.s390.rpm
s390x:
kdelibs-3.3.1-3.3.s390.rpm
kdelibs-3.3.1-3.3.s390x.rpm
kdelibs-devel-3.3.1-3.3.s390x.rpm
x86_64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.x86_64.rpm
kdelibs-devel-3.3.1-3.3.x86_64.rpm
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
kdelibs-3.3.1-3.3.src.rpm
IA-32:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-devel-3.3.1-3.3.i386.rpm
IA-64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.ia64.rpm
kdelibs-devel-3.3.1-3.3.ia64.rpm
x86_64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.x86_64.rpm
kdelibs-devel-3.3.1-3.3.x86_64.rpm
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
kdelibs-3.3.1-3.3.src.rpm
IA-32:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-devel-3.3.1-3.3.i386.rpm
IA-64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.ia64.rpm
kdelibs-devel-3.3.1-3.3.ia64.rpm
x86_64:
kdelibs-3.3.1-3.3.i386.rpm
kdelibs-3.3.1-3.3.x86_64.rpm
kdelibs-devel-3.3.1-3.3.x86_64.rpm
Vendor advisory:
RHSA-2005:065-06
Affected Technologies
Gentoo Technologies, Inc. : Gentoo Linux 1.4
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc1
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc2
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc3
KDE e.V.: KDE 3
KDE e.V.: KDE 3.0.1
KDE e.V.: KDE 3.0.2
KDE e.V.: KDE 3.0.3
KDE e.V.: KDE 3.0.4
KDE e.V.: KDE 3.0.5
KDE e.V.: KDE 3.0.5a
KDE e.V.: KDE 3.0.5b
KDE e.V.: KDE 3.1.1
KDE e.V.: KDE 3.1.2
KDE e.V.: KDE 3.1.3
KDE e.V.: KDE 3.1.4
KDE e.V.: KDE 3.1.5
KDE e.V.: KDE 3.2.1
KDE e.V.: KDE 3.2.2
KDE e.V.: KDE 3.2.3
KDE e.V.: KDE 3.3
KDE e.V.: KDE 3.3.0
KDE e.V.: KDE 3.3.1
MandrakeSoft SA : Mandrake Linux 10.0
MandrakeSoft SA : Mandrake Linux 10.1
Red Hat: Fedora Core 2
Red Hat: Fedora Core 3
Red Hat: Red Hat Desktop 4
Red Hat: Red Hat Enterprise Linux AS 4
Red Hat: Red Hat Enterprise Linux ES 4
Red Hat: Red Hat Enterprise Linux WS 4
References
Mitre CVE: CAN-2004-1145
More information on CA Virus Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32118