From security-announce@turbolinux.co.jp Mon Aug 4 01:00:32 2003
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Wed, 30 Jul 2003 19:25:32 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 30/Jul/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 30/Jul/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) kdelibs -> Konqueror Referer Leaking Website Authentication Credentials

===========================================================
* kdelibs -> Konqueror Referer Leaking Website Authentication Credentials
===========================================================

 More information :
    kdelibs provides the main libraries for the K Desktop Environment.
    Konqueror may inadvertently send authentication credentials, in clear
    text, to websites other than the intended website via the HTTP Referer
    header when the credentials are passed as part of a URL in the form
    http://user:password@host/

 Impact :
    Users of Konqueror may unknowingly disclose website authentication
    credentials to third parties that are linked from the password-protected
    website. This may allow those third parties to gain unauthorized access
    to the password-protected website.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution :
    Please use the turbopkg tool to apply the update.

   Source Packages
   Size : MD5

   kdelibs-2.2.2-16.src.rpm
      6024245 2fe288fce27a7a84c47eb22bb81b0b1e

   Binary Packages
   Size : MD5

   arts-2.2.2-16.i586.rpm
       822708 cf5417a4eeefb8903f2c9e2d81217be8
   arts-devel-2.2.2-16.i586.rpm
        71595 7dee59a8dbb5c9fbe06264dd13648ae2
   kdelibs-2.2.2-16.i586.rpm
      7815233 e12341a6ecad6a266af8c3b107ce78ad
   kdelibs-devel-2.2.2-16.i586.rpm
      2477357 37096b62bf62aea2a239dbbd57a500f7


   Source Packages
   Size : MD5

   kdelibs-2.2.2-16.src.rpm
      6024245 c35a6cfb84583fd69159c79e7018b61f

   Binary Packages
   Size : MD5

   arts-2.2.2-16.i586.rpm
       823892 e45d94e19dfa14b7be0a64603f8c6a75
   arts-devel-2.2.2-16.i586.rpm
        71625 42e2eafc27506a15fa4acad18e531c95
   kdelibs-2.2.2-16.i586.rpm
      7815317 53a6e2cafa1aeac26d520c2150377785
   kdelibs-devel-2.2.2-16.i586.rpm
      2477118 bc04c10ff9d216fc922d7bdbf17a5d6a


   Source Packages
   Size : MD5

   kdelibs-2.2.2-16.src.rpm
      6024245 c822b6ed0256d74987964d17317c150a

   Binary Packages
   Size : MD5

   arts-2.2.2-16.i586.rpm
       741313 e2358094f0e58bcf8ccb80d6498b122f
   arts-devel-2.2.2-16.i586.rpm
        70969 66e0fcd4ae3d9df9bc466b12fbf8901d
   kdelibs-2.2.2-16.i586.rpm
      7342876 0c815a1a31d4a3ec1c9abbf7ef115696
   kdelibs-devel-2.2.2-16.i586.rpm
      2476081 ea8a7058faa29c5057dc4ae7164b95e1


   Source Packages
   Size : MD5

   kdelibs-2.2.2-16.src.rpm
      6024245 f656c769d633587919c02e1b80b0fb45

   Binary Packages
   Size : MD5

   arts-2.2.2-16.i586.rpm
       741603 ae2a204bc28ccab1f3f8dea2665294a6
   arts-devel-2.2.2-16.i586.rpm
        70930 8a3886c8d9b68bd373e2ffecb80488fd
   kdelibs-2.2.2-16.i586.rpm
      7340395 f86635b55c16b6bd0dce415ab5aaabd4
   kdelibs-devel-2.2.2-16.i586.rpm
      2475995 deeb63aca039f55b1d4eb1e1b5cb3a6b


 References :

   KDE Security Advisory
   http://www.kde.org/info/security/advisory-20030729-1.txt

   CVE
   [CAN-2003-0459]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key
   http://www.turbolinux.com/security/

 * To unsubscribe from the list

   If you ever want to remove yourself from this mailing list,
   you can send a message to with the word `unsubscribe' in the
   body (don't include the quotes).

     unsubscribe

 * To change your email address

   If you ever want to change your email address in this mailing list,
   you can send a message to with the following command in the
   message body:

     chaddr 'old address' 'new address'

 If you have any questions or problems, please contact

 Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/J50gK0LzjOqIJMwRAl8gAJwPniCwx01K+jwZVAY200J7rGZDrACfQPiE
C9T2rB53j4HQ9JGra/DJJas=
=xVyo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
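
Added example, not part of the Turbolinux advisory and not KDE's code: Python showing how a Referer taken unchanged from a http://user:password@host/ URL carries the credentials, one way to strip them before the header is sent, and a check for Referer values in logs that still contain them. The hosts, credentials and log values are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit


def naive_referer(page_url: str) -> str:
    """Behaviour the advisory describes: the page URL is sent unchanged."""
    return page_url


def safe_referer(page_url: str) -> str:
    """Drop userinfo and fragment before the URL is used as a Referer value."""
    parts = urlsplit(page_url)
    host = parts.hostname or ""
    if ":" in host:                     # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


def referer_has_credentials(referer: str) -> bool:
    """Log check: True if a Referer value carries a user name or password."""
    parts = urlsplit(referer)
    return parts.username is not None or parts.password is not None


def flagged(referers):
    """Return the Referer values that leak userinfo, in input order."""
    return [r for r in referers if referer_has_credentials(r)]


# Constructed sample: a password-protected page opened with credentials in the URL.
SAMPLE_PAGE = "http://alice:s3cret@intranet.example/reports/index.html?year=2003#top"

# Constructed Referer values as a third-party site might log them ("-" = no Referer).
SAMPLE_LOG_REFERERS = [
    "http://alice:s3cret@intranet.example/reports/index.html",
    "http://intranet.example/reports/index.html",
    "http://bob@files.example:8080/",
    "-",
]

if __name__ == "__main__":
    print("naive :", naive_referer(SAMPLE_PAGE))
    print("safe  :", safe_referer(SAMPLE_PAGE))
    for value in flagged(SAMPLE_LOG_REFERERS):
        print("leak  :", value)
```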