Fedora alert FEDORA-2009-9400 (kdelibs3)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 10 Update: kdelibs3-3.5.10-13.fc10.1 | |
| Date: | Wed, 09 Sep 2009 01:50:21 +0000 | |
| Message-ID: | <20090909015021.C28DA10F8AB@bastion2.fedora.phx.redhat.com> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-9400 2009-09-09 00:47:08 -------------------------------------------------------------------------------- Name : kdelibs3 Product : Fedora 10 Version : 3.5.10 Release : 13.fc10.1 URL : http://www.kde.org/ Summary : K Desktop Environment 3 - Libraries Description : Libraries for the K Desktop Environment 3: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2009-2702, a security issue where SSL certificates containing embedded NUL characters would falsely pass validation when they're actually invalid, for the KDE 3 compatibility version of kdelibs. -------------------------------------------------------------------------------- ChangeLog: * Sun Sep 6 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13.1 - fix for CVE-2009-2702 * Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13 - fix CVE-2009-2537 - select length DoS - fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-12 - FTBFS kdelibs3-3.5.10-11.fc11 (#511571) - -devel: Requires: %{name}%_isa ... * Sun Apr 19 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-11 - update openssl patch (for 0.9.8k) * Thu Apr 16 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-10 - move designer plugins to runtime (#487622) - make -apidocs noarch * Mon Mar 2 2009 Than Ngo <than@redhat.com> - 3.5.10-9 - enable -apidocs * Fri Feb 27 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-8 - disable -apidocs (f11+, #487719) - cleanup unused kdeui_symlink hack baggage * Wed Feb 25 2009 Than Ngo <than@redhat.com> - 3.5.10-7 - fix files conflicts with 4.2.x - fix build issue with gcc-4.4 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sat Jan 31 2009 Rex Dieter <rdieter@fedoraproject.org> - 6:3.5.10-5 - unowned dirs (#483318) * Sat Jan 10 2009 Ville Skyttä <ville.skytta at iki.fi> - 6:3.5.10-4 - Slight speedup to profile.d/kde.sh (#465370). * Mon Dec 15 2008 Kevin Kofler <Kevin@tigcc.ticalc.org> 3.5.10-3 - update the KatePart latex.xml syntax definition to the version from Kile 2.0.3 * Thu Dec 4 2008 Rex Dieter <rdieter@fedoraproject.org> 3.5.10-2 - omit libkscreensaver (F9+) -------------------------------------------------------------------------------- References: [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName https://bugzilla.redhat.com/show_bug.cgi?id=520661 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kdelibs3' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...