Rapid7 Vulnerability & Exploit Database

RHSA-2003:192: Updated KDE packages fix security issue


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 06/16/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL-enabled KDE software to fall victim to a man-in-the-middle attack. Red Hat Linux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue. Users of KDE should upgrade to these erratum packages, which contain KDE 2.2.2 with a backported patch to correct this vulnerability.

Solution(s)

  • redhat-upgrade-arts
  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-devel
  • redhat-upgrade-kdelibs-sound
  • redhat-upgrade-kdelibs-sound-devel
