Synopsis: Moderate: kdelibs security update Issue date: 2007-10-08 CVE Names: CVE-2007-0242 CVE-2007-0537 CVE-2007-1308 CVE-2007-1564 CVE-2007-3820 CVE-2007-4224 Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224) SL 4.x SRPMS: kdelibs-3.3.1-9.el4.src.rpm i386: kdelibs-3.3.1-9.el4.i386.rpm kdelibs-devel-3.3.1-9.el4.i386.rpm x86_64: kdelibs-3.3.1-9.el4.i386.rpm kdelibs-3.3.1-9.el4.x86_64.rpm kdelibs-devel-3.3.1-9.el4.x86_64.rpm SL 5.x SRPMS: kdelibs-3.5.4-13.el5.src.rpm i386: kdelibs-3.5.4-13.el5.i386.rpm kdelibs-apidocs-3.5.4-13.el5.i386.rpm kdelibs-devel-3.5.4-13.el5.i386.rpm x86_64: kdelibs-3.5.4-13.el5.i386.rpm kdelibs-3.5.4-13.el5.x86_64.rpm kdelibs-apidocs-3.5.4-13.el5.x86_64.rpm kdelibs-devel-3.5.4-13.el5.i386.rpm kdelibs-devel-3.5.4-13.el5.x86_64.rpm -Connie Sieh -Troy Dawson