FreeBSD : kdelibs4, rekonq -- input validation failure (6d21a287-fce0-11e0-a828-00235a5f2c9a)
Medium Nessus Plugin ID 56587
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
KDE Security Advisory reports:
The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, they would render the rich text.
Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed.
This can allow spoofing of the certificate's common name.
Solution
Update the affected packages.
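Added example (not part of the plugin text or the KDE advisory): a defender-side check that flags certificate subject fields carrying markup and escapes them before they reach any renderer that auto-detects rich text. The tag/entity test is a simplified stand-in, not Qt's actual AutoText heuristic, and the function names and sample subject are constructed for illustration.

```python
import html
import re

# Simplified markup test (assumption: NOT Qt's real heuristic).
# A tag is "<", optional "/", a letter, then anything up to ">".
_TAG = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")
# A character entity such as &amp; &#60; or &#x3c; (the ";" is required).
_ENTITY = re.compile(r"&(#\d+|#x[0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);")


def looks_like_markup(value):
    """True if the value contains something a rich-text renderer could interpret."""
    return bool(_TAG.search(value) or _ENTITY.search(value))


def audit_subject(fields):
    """Return the names of subject fields whose values contain markup."""
    return [name for name, value in fields.items() if looks_like_markup(value)]


def display_safe(value):
    """Escape the value so a rich-text renderer shows the literal characters."""
    return html.escape(value, quote=True)


# Constructed sample subject: the CN carries a table element, as in the
# advisory; the O field contains a bare ampersand, which is ordinary text.
SAMPLE_SUBJECT = {
    "CN": "<table><tr><td>row one</td></tr><tr><td>row two</td></tr></table>",
    "O": "Example R&D Ltd",
    "C": "DE",
}

if __name__ == "__main__":
    for field in audit_subject(SAMPLE_SUBJECT):
        print("markup in %s: %s" % (field, display_safe(SAMPLE_SUBJECT[field])))
```

Escaping is only a safeguard for display paths that cannot be pinned to plain text; where the widget's text format can be set, forcing plain-text rendering as the advisory describes is the direct fix.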