| |||||||||||||||||||
Pardus alert 2011-79 (kdelibs)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-79 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-11 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in kdelibs,which can be exploited by malicious people to man-in-the-middle attack. Description =========== CVE-2011-1094 An attacker able to get an SSL certificate form a trusted CA issued for an attacker-controlled IP address could perform a MITM attack, if they were also able to hijack victim's DNS to resolve host names to the attacker's IP. Affected packages: Pardus 2009: kdelibs, all before 4.4.5-80-52 Pardus 2011: kdelibs, all before 4.5.5-94-p11 Resolution ========== There are update(s) for kdelibs. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up kdelibs Pardus 2011: pisi up kdelibs References ========== * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... * http://bugs.pardus.org.tr/show_bug.cgi?id=17340 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||