Slackware: Konqueror Multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Slackware Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL

[slackware-security]  KDE packages updated (SSA:2003-213-01)

New KDE packages are available for Slackware 9.0.  These address a
security issue where Konqueror may leak authentication credentials.


Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Fri Aug  1 15:15:51 PDT 2003
patches/packages/kde/*:  Upgraded to KDE 3.1.3.
  Note that this update addresses a security problem in Konqueror which may
  cause authentication credentials to be leaked to an unintended website
  through the HTTP-referer header when they have been entered into Konqueror
  as a URL of the form:
     password@host/'>http://user:password@host/
  For more information about this issue, please see the KDE advisory:
     http://www.kde.org/info/security/advisory-20030729-1.txt
We recommend that sites running KDE install this update.
(* Security fix *)
patches/packages/kdei/*:  New internationalization packages for KDE 3.1.3.
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/*.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kdei/*.tgz

These packages are signed with our GPG key: 
http://slackware.com/gpg-key


INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):
upgradepkg *.tgz


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com