USN-871-2: KDE 4 vulnerabilities
11 December 2009
KDE 4 vulnerabilities
- kde4libs -
USN-871-1 fixed vulnerabilities in KDE. This update provides the
corresponding updates for KDE 4.
This update also fixes a directory traversal flaw in KDE when processing
help:// URLs. This issue only affected Ubuntu 8.10.
Original advisory details:
It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart your session to effect
the necessary changes.