http://www.kde.org/info/security/advisory-20111003-1.txt

MDVSA-2011:162

RHSA-2011:1364

RHSA-2011:1385

https://bugzilla.redhat.com/show_bug.cgi?id=743054

The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      FMOD Studio       PEAR Mail       LVM2       GnuCash       xine-lib       Last.fm Scrobbler       WebKitGTK+       shadow tool suite       PEAR       unixODBC       Resource Agents       mrouted       rsync       XML Security Library       xrdb       Vino       OProfile       syslog-ng       sFlow Toolkit       GNOME Display Manager       libsoup       CA Certificates       Gitolite       QtCreator       Racer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

The remote host is affected by the vulnerability described in GLSA-201406-34 (KDE Libraries: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in KDE Libraries. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could cause a man-in-the-middle attack via any       certificate issued by a legitimate certification authority. Furthermore,       a local attacker may gain knowledge of user passwords through an       information leak.
  Workaround :

    There is no known workaround at this time.

An input validation flaw when displaying certificates has been fixed in KDE's KSSL (kdelibs4). CVE-2011-3365 has been assigned to this issue.

From Red Hat Security Advisory 2011:1385 :

Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

From Red Hat Security Advisory 2011:1364 :

Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

This update also adds the following enhancement :

* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)

Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.

The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

This update also adds the following enhancement :

  - kdelibs provided its own set of trusted Certificate     Authority (CA) certificates. This update makes kdelibs     use the system set from the ca-certificates package,     instead of its own copy.

Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.

Multiple vulnerabilities was discovered and corrected in kdelibs4 :

KDE KSSL in kdelibs does not properly handle a \'\0\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365).

The updated packages have been patched to correct these issues.

Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2011-3365)

It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

KDE Security Advisory reports :

The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text.
Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed.
This can allow spoofing of the certificate's common name.

Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. (CVE-2011-3365)

This update also adds the following enhancement :

* kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy. (BZ#743951)

Users should upgrade to these updated packages, which contain backported patches to correct this issue and add this enhancement. The desktop must be restarted (log out, then log back in) for this update to take effect.

KDE Workspaces, Applications, and Development Platform 4.7.1 bugfix release, see also: http://kde.org/announcements/announce-4.7.1.php

This batch also includes split packaging for kdeedu-related rpms.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
79962	GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011	Nessus	Gentoo Local Security Checks	critical
76305	GLSA-201406-34 : KDE Libraries: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
75878	openSUSE Security Update : kdelibs4 (openSUSE-SU-2011:1135-1)	Nessus	SuSE Local Security Checks	medium
68374	Oracle Linux 4 / 5 / 6 : kdelibs / kdelibs3 (ELSA-2011-1385)	Nessus	Oracle Linux Local Security Checks	medium
68368	Oracle Linux 6 : kdelibs (ELSA-2011-1364)	Nessus	Oracle Linux Local Security Checks	medium
61159	Scientific Linux Security Update : kdelibs and kdelibs3 on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
61152	Scientific Linux Security Update : kdelibs on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
56687	Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)	Nessus	Mandriva Local Security Checks	high
56647	Ubuntu 10.04 LTS / 10.10 / 11.04 : kde4libs vulnerability (USN-1248-1)	Nessus	Ubuntu Local Security Checks	medium
56587	FreeBSD : kdelibs4, rekonq -- input validation failure (6d21a287-fce0-11e0-a828-00235a5f2c9a)	Nessus	FreeBSD Local Security Checks	medium
56561	RHEL 4 / 5 / 6 : kdelibs and kdelibs3 (RHSA-2011:1385)	Nessus	Red Hat Local Security Checks	medium
56559	CentOS 4 / 5 : kdelibs (CESA-2011:1385)	Nessus	CentOS Local Security Checks	medium
56463	RHEL 6 : kdelibs (RHSA-2011:1364)	Nessus	Red Hat Local Security Checks	medium
56386	Fedora 16 : PyKDE4-4.7.1-2.fc16 / akonadi-1.6.1-1.fc16 / blinken-4.7.1-2.fc16 / cantor-4.7.1-2.fc16 / etc (2011-13417)	Nessus	Fedora Local Security Checks	medium

CVE-2011-3365

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins