• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabilities

Solution:
KDE has released KDE version 3.3.2 dealing with this issue.

Mandrake Linux has released an advisory (MDKSA-2004:154) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose kde-base/kdelibs

Fedora has released advisories FEDORA-2005-063 and FEDORA-2005-064 for Fedora Core 2 and 3. These advisories contain updated kdelibs packages. Please see the referenced advisories for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


KDE KDE 3.0

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.1

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.2

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.3 a

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.3

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.4

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.5

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.5 b

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.0.5 a

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.1

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.1.1

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• SuSE kdebase3-3.1.1-166.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kdebase3-3.1.1-16 6.i586.rpm


• SuSE kdelibs3-3.1.1-151.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/kdelibs3-3.1.1-15 1.i586.rpm

KDE KDE 3.1.1 a

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.1.2

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.1.3

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.1.4

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• SuSE kdebase3-3.1.4-80.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kdebase3-3.1.4-80 .i586.rpm


• SuSE kdebase3-3.1.4-80.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kdebase3-3.1. 4-80.x86_64.rpm


• SuSE kdelibs3-3.1.4-58.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/kdelibs3-3.1.4-58 .i586.rpm


• SuSE kdelibs3-3.1.4-58.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/kdelibs3-3.1. 4-58.x86_64.rpm

KDE KDE 3.1.5

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.2

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• Mandrake kdelibs-common-3.2-36.7.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.2-36.7.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-3.2-36.7.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-devel-3.2-36.7.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-3.2-36.7.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-devel-3.2-36.7.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.2.1

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• SuSE kdebase3-3.2.1-68.36.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdebase3-3.2.1-68 .36.i586.rpm


• SuSE kdelibs3-3.2.1-44.39.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44 .39.i586.rpm

KDE KDE 3.2.2

• Fedora kdelibs-3.2.2-12.FC2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora kdelibs-3.2.2-12.FC2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora kdelibs-debuginfo-3.2.2-12.FC2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora kdelibs-debuginfo-3.2.2-12.FC2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora kdelibs-devel-3.2.2-12.FC2.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora kdelibs-devel-3.2.2-12.FC2.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2

KDE KDE 3.2.3

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• Mandrake kdelibs-common-3.2.3-99.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake kdelibs-common-3.2.3-99.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-3.2.3-99.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64kdecore4-devel-3.2.3-99.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-3.2.3-99.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libkdecore4-devel-3.2.3-99.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php

KDE KDE 3.3

• Fedora kdelibs-3.3.1-2.6.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora kdelibs-3.3.1-2.6.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora kdelibs-debuginfo-3.3.1-2.6.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora kdelibs-debuginfo-3.3.1-2.6.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora kdelibs-devel-3.3.1-2.6.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora kdelibs-devel-3.3.1-2.6.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2


• SuSE kdebase3-3.2.1-68.36.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdebase3-3.2. 1-68.36.x86_64.rpm


• SuSE kdebase3-3.3.0-29.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdebase3-3.3.0-29 .3.i586.rpm


• SuSE kdebase3-3.3.0-29.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdebase3-3.3. 0-29.3.x86_64.rpm


• SuSE kdebase3-32bit-9.2-200501241627.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdebase3-32bi t-9.2-200501241627.x86_64.rpm


• SuSE kdelibs3-3.2.1-44.39.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-3.2. 1-44.39.x86_64.rpm


• SuSE kdelibs3-3.3.0-34.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-3.3.0-34 .3.i586.rpm


• SuSE kdelibs3-3.3.0-34.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdelibs3-3.3. 0-34.3.x86_64.rpm


• SuSE kdelibs3-32bit-9.2-200501241627.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/kdelibs3-32bi t-9.2-200501241627.x86_64.rpm

KDE KDE 3.3.1

• KDE KDE 3.3.2
  http://www.kde.org/download/


• KDE post-3.2.3-kdelibs-khtml-java.tar.bz2
  ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-khtml-ja va.tar.bz2