SECURITY: Konqueror SSL Vulnerability

Waldo Bastian bastian at kde.org
Mon Aug 12 18:22:55 BST 2002


Konqueror (kssl to be precise) fails to detect certificates as invalid that 
have been signed by an issuer who is not allowed to do so. A patch for this 
problem has been committed to both the CVS HEAD branch and the KDE_3_0_BRANCH.

KDE packages for the upcoming KDE 3.0.3 release will be updated to include 
this fix. We hope to have binary packages for KDE 3.0.3 available by the 
start of next week.

Thanks go to Mike Benham and Gregory Steuck for alerting us to the problem.

See also:
http://online.securityfocus.com/archive/1/286895/2002-08-08/2002-08-14/1
http://slashdot.org/article.pl?sid=02/08/12/1341239
http://www.theregister.co.uk/content/4/26620.html

Cheers,
Waldo
-- 
bastian at kde.org  |   SuSE Labs KDE Developer  |  bastian at suse.com
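
The class of check the advisory describes, as an added example that is not part of the original post and is not kssl's code: a chain validator that rejects a certificate whose issuer is not permitted to sign certificates. Assumptions: "allowed to do so" is modelled as the X.509 basicConstraints CA flag and path length constraint, `Cert` is a constructed stand-in for a parsed certificate, and signature verification is left out so the authority check stands alone.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 certificate (no real crypto)."""
    subject: str
    issuer: str
    is_ca: bool = False             # basicConstraints cA flag
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint

def validate_chain(chain: List[Cert], trusted_roots: Set[str],
                   check_issuer_authority: bool = True) -> Optional[str]:
    """Return None if acceptable, else the rejection reason. chain[0] is the leaf."""
    if not chain:
        return "empty chain"
    for i in range(len(chain) - 1):
        child, issuer = chain[i], chain[i + 1]
        if child.issuer != issuer.subject:
            return f"{child.subject}: issuer name does not match {issuer.subject}"
        if check_issuer_authority:
            # The step a flawed validator skips: may this issuer sign at all?
            if not issuer.is_ca:
                return f"{issuer.subject}: signed {child.subject} but is not a CA"
            # i is the number of intermediate certificates below this issuer.
            if issuer.path_len is not None and i > issuer.path_len:
                return f"{issuer.subject}: path length constraint exceeded"
    if chain[-1].subject not in trusted_roots:
        return f"{chain[-1].subject}: not a trusted root"
    return None

# Constructed sample certificates (hypothetical names).
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
SHOP = Cert("shop.example", "Example Root CA")   # ordinary end-entity cert
OTHER = Cert("other.example", "shop.example")    # issued by a non-CA cert
ROOTS = {"Example Root CA"}

if __name__ == "__main__":
    print(validate_chain([SHOP, ROOT], ROOTS))          # accepted
    print(validate_chain([OTHER, SHOP, ROOT], ROOTS))   # rejected: not a CA
    # With the authority check disabled the same chain is wrongly accepted.
    print(validate_chain([OTHER, SHOP, ROOT], ROOTS, check_issuer_authority=False))
```

Name chaining and a trusted root are satisfied in both sample chains; only the issuer-authority step tells them apart.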




