Slackware12セキュリティパッチ

oss

KDE関連のセキュリティパッチがリリース。さっそく当てなければ。

Fri Sep 21 18:13:09 CDT 2007
patches/packages/kdebase-3.5.7-i486-3_slack12.0.tgz:
  Patched Konqueror to prevent "spoofing" the URL
  (i.e. displaying a URL other than the one associated with the page displayed)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
  Patched KDM issue:  "KDM can be tricked into performing a password-less
  login even for accounts with a password set under certain circumstances,
  namely autologin to be configured and "shutdown with password" enabled."
  For more information, see:
    http://www.kde.org/info/security/advisory-20070919-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
  (* Security fix *)
patches/packages/kdelibs-3.5.7-i486-3_slack12.0.tgz:
  Patched Konqueror's supporting libraries to prevent addressbar spoofing.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225
  (* Security fix *)