MDVSA-2011:162 -- Mandriva kdelibs4ID: oval:org.secpod.oval:def:301064 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was discovered and corrected in kdelibs4: KDE KSSL in kdelibs does not properly handle a \'\0\' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2010.1 |