Hi all, Any idea if there are KDE 3.1.4 rpms available for SuSE 8.2 x86 ? Looks like SuSE team does not offer patches for several kde problems : 1. If you run KDE 3.1.1 ( default KDE installation ) SuSE does not offer any patch for konqueror problem as described under "KDE Security Advisory: Konqueror Referer Leaking Website Authentication Credentials Original Release Date: 2003-07-29 URL: http://www.kde.org/info/security/advisory-20030729-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459 1. Systems affected: All versions of Konqueror as distributed with KDE up to and including KDE 3.1.2 as well as Konqueror/Embedded 2. Overview: Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form of http://user:password@host/ The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0459 to this issue." The only solution was to upgrade KDE to 3.1.3 ! SuSE does not support this nor they offer a patch for this problem. Kind of strange ! 2. Using KDE 3.1.1 or 3.1.3 you have to patch KDM as described under : URL: http://www.kde.org/info/security/advisory-20030916-1.txt Any idea about this last point ? Regards, Stefan
participants (1)
-
Stefan Parvu