Pardus alert 2011-79 (kdelibs)
| From: | Meltem Parmaksız <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-79] kdelibs: MITM Attack | |
| Date: | Thu, 26 May 2011 15:01:07 +0300 | |
| Message-ID: | <201105261501.07419.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-79 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-11 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in kdelibs,which can be exploited by malicious people to man-in-the-middle attack. Description =========== CVE-2011-1094 An attacker able to get an SSL certificate form a trusted CA issued for an attacker-controlled IP address could perform a MITM attack, if they were also able to hijack victim's DNS to resolve host names to the attacker's IP. Affected packages: Pardus 2009: kdelibs, all before 4.4.5-80-52 Pardus 2011: kdelibs, all before 4.5.5-94-p11 Resolution ========== There are update(s) for kdelibs. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up kdelibs Pardus 2011: pisi up kdelibs References ========== * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... * http://bugs.pardus.org.tr/show_bug.cgi?id=17340 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security