Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Waldo Bastian (bastian_at_kde.org)
Date: Sun Aug 18 2002 - 23:17:14 CDT
-----BEGIN PGP SIGNED MESSAGE-----
KDE Security Advisory: Konqueror SSL vulnerability
Original Release Date: 2002-08-18
1. Systems affected:
All versions of KDE up to and including KDE 3.0.2
KDE's SSL implementation fails to check the basic constraints on
certificates and as a result may accept certificates as valid that were signed
by an issuer who was not authorized to do so.
Users of Konqueror and other SSL enabled KDE software may fall victim
to a malicious man-in-the-middle attack without noticing. In such case the
user will be under the impression that there is a secure connection with a
trusted site while in fact a different site has been connected to.
Upgrade kdelibs to KDE 3.0.3. A patch for KDE 2.2.2 is available as
well for users that are unable to upgrade to KDE 3.
A patch for KDE 2.2.2 is available from
bastiankde.org | SuSE Labs KDE Developer | bastiansuse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----