LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A couple of KDE security advisories

[Posted September 11, 2002 by corbet]

The KDE project has issued a couple of security advisories:
  • This one describes a cross-site scripting vulnerability in Konqueror (and any other application which uses the KHTML renderer). Javascript code running in one frame can access other frames which should be inaccessible. This problem is fixed in kdelibs 3.0.3a.

  • The second is for a secure cookie problem in Konqueror. The "secure" flag in cookies is not recognized, with the result that "secure" cookes can be transmitted over unencrypted connections. KDE 3.0.3 fixes the problem.

We will, of course, pass on distributor updates as we receive them.

(Log in to post comments)

A couple of KDE security advisories

Posted Sep 12, 2002 9:46 UTC (Thu) by dannys (guest, #3651) [Link]

The Debian packages on all the KDE mirrors have been updated with KDE 3.0.3a, and a fixed kdelibs for 2.2.2 has been uploaded to unstable (aka sid). The security team has the package for stable (aka woody), and is working on getting it built for all architectures.

Cheers,
Daniel (not the maintainer any more, but occasional packager when Chris has no time)

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds