-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-36
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 06 Jun 2003
Last revised : 11 Jun 2003
Package : kdelibs
Summary : Konqueror Embedded SSL vulnerability
More information :
Main libraries for the K Desktop Environment.
KDE's SSL implementation in the affected versions matches certificates
based on IP number instead of hostname. Due to this it may fail to notice
a man-in-the-middle attack.
Impact :
Users of Konqueror and other SSL-enabled KDE software may fall victim
to a malicious man-in-the-middle attack without noticing. In such a case the
user will be under the impression that there is a secure connection with a
trusted site while in fact a different site has been connected to.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use the turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
kdelibs-2.2.2-15.src.rpm
6023563 f45837e6e69bff7e2f3a145cd175b0a2
Binary Packages
Size : MD5
arts-2.2.2-15.i586.rpm
822618 5828ec9b401f1b08f3d86b60f2421e36
arts-devel-2.2.2-15.i586.rpm
71260 7762933416c444366fa50ae3996f301f
kdelibs-2.2.2-15.i586.rpm
7810309 111c8ff48b7f9226df74109c5c7395ba
kdelibs-devel-2.2.2-15.i586.rpm
2476287 3b36a0ced2b48421822242bdeeef6b87
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
kdelibs-2.2.2-15.src.rpm
6023563 890efc75e9ee7b2df9be541a2e815304
Binary Packages
Size : MD5
arts-2.2.2-15.i586.rpm
822776 312ff357b7c9ec986f3aefa9ad424d5a
arts-devel-2.2.2-15.i586.rpm
71364 06c2712cfcab3e873d91e6ea4a9efe9e
kdelibs-2.2.2-15.i586.rpm
7811621 dd2dbfc333804b7ce29dcc0fcedb7c21
kdelibs-devel-2.2.2-15.i586.rpm
2478673 cdd87786aaeea3fbc336c1ba3d7cfe8e
<Turbolinux 7 Server>
Source Packages
Size : MD5
kdelibs-2.2.2-15.src.rpm
6023563 73444e45262c6b2ac96f45ce796283ca
Binary Packages
Size : MD5
arts-2.2.2-15.i586.rpm
741336 c1d513970ffd68d49e864a85eb8bdd14
arts-devel-2.2.2-15.i586.rpm
70816 bc776612cd0bded3645c0de0d8f9fed3
kdelibs-2.2.2-15.i586.rpm
7341074 3890e4248a6ee681a926c06247ac801a
kdelibs-devel-2.2.2-15.i586.rpm
2476432 19de24c8a1177a56b4fa16f134f93d66
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
kdelibs-2.2.2-15.src.rpm
6023563 59c0418654dd0dbaaf5d01585fad1470
Binary Packages
Size : MD5
arts-2.2.2-15.i586.rpm
741437 ced2e758201633be53aa1a0c2b04d1d9
arts-devel-2.2.2-15.i586.rpm
70844 856a3edd151248b587e0b130036ffb9d
kdelibs-2.2.2-15.i586.rpm
7343445 f9404692280520c83e995622af77ccd9
kdelibs-devel-2.2.2-15.i586.rpm
2477137 3114487484a3c7ec2f0e959382eff0ce
References :
KDE Security Advisory
http://www.kde.org/info/security/advisory-20030602-1.txt
--------------------------------------------------------------------------
Revision History
06 Jun 2003 Initial release
11 Jun 2003 Modified Advisory number
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+5pacK0LzjOqIJMwRAoFUAJ987M6XMKNlA/FX/8pKh5Nbb9uBMwCfeoPZ
s1t522i9VkilRIUUKBUMONA=
=64Vu
-----END PGP SIGNATURE-----
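
The difference between matching a certificate by IP number and by hostname, described under "More information" above, shown as an added Python example. It is not KDE or Turbolinux code: the IP-based check is a simplified, assumed model of the flaw, and every hostname, the address and the lookup table are constructed.

```python
# Added illustration, not KDE or Turbolinux code. All names and addresses
# are constructed; 203.0.113.0/24 is a documentation-only range.

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name with a reference hostname.

    Case-insensitive; '*' is honoured only as the entire left-most label
    and never directly above a top-level domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_by_hostname(cert_names, requested_host):
    """Correct binding: the certificate must name the host the user asked for."""
    return any(dns_name_matches(n, requested_host) for n in cert_names)


def verify_by_ip(cert_names, peer_ip, names_for_ip):
    """Flawed binding (assumed model): the certificate only has to name
    whatever the connected address is known as, so the hostname the user
    requested never enters the decision."""
    known = names_for_ip.get(peer_ip, [])
    return any(dns_name_matches(n, k) for n in cert_names for k in known)


# Constructed scenario: the user asked for shop.example, but the connection
# ended at 203.0.113.7, a server with a valid certificate for other.example.
REQUESTED = "shop.example"
PEER_IP = "203.0.113.7"
NAMES_FOR_IP = {"203.0.113.7": ["other.example"]}  # hypothetical lookup result
PEER_CERT_NAMES = ["other.example", "*.other.example"]


def demo():
    """Return the verdict of each check for the constructed scenario."""
    return {
        "ip_based": verify_by_ip(PEER_CERT_NAMES, PEER_IP, NAMES_FOR_IP),
        "hostname_based": verify_by_hostname(PEER_CERT_NAMES, REQUESTED),
    }


if __name__ == "__main__":
    print(demo())
```

The IP-based check accepts the connection because the certificate is consistent with the address that answered, while the hostname-based check rejects it because the certificate does not name the site the user requested.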