[SECURITY] Fedora 11 Update: kdelibs3-3.5.10-13.fc11.1

updates at fedoraproject.org updates at fedoraproject.org
Wed Sep 9 01:49:04 UTC 2009 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9391
2009-09-09 00:46:03
--------------------------------------------------------------------------------

Name        : kdelibs3
Product     : Fedora 11
Version     : 3.5.10
Release     : 13.fc11.1
URL         : http://www.kde.org/
Summary     : K Desktop Environment 3 - Libraries
Description :
Libraries for the K Desktop Environment 3:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2009-2702, a security issue where SSL certificates
containing embedded NUL characters would falsely pass validation when they're
actually invalid, for the KDE 3 compatibility version of kdelibs.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep  6 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-13.1
- fix for CVE-2009-2702
* Sun Jul 26 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 3.5.10-13
- fix CVE-2009-2537 - select length DoS
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.5.10-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jul 18 2009 Rex Dieter <rdieter at fedoraproject.org> - 3.5.10-12 
- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)
- -devel: Requires: %{name}%_isa ...
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
        https://bugzilla.redhat.com/show_bug.cgi?id=520661
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list