Launchpad.net

CVE 2011-1094

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

Related bugs and status

CVE-2011-1094 (Candidate) is related to these bugs:

Bug #743669: XSS scripting vulnerability in kdelibs

		In	Importance	Status
743669	XSS scripting vulnerability in kdelibs	kde4libs (Ubuntu)	Medium	Invalid
743669	XSS scripting vulnerability in kdelibs	kde4libs (Ubuntu Maverick)	Medium	Fix Released
743669	XSS scripting vulnerability in kdelibs	kde4libs (Ubuntu Lucid)	Medium	Fix Released
743669	XSS scripting vulnerability in kdelibs	kde4libs (Ubuntu Karmic)	Medium	Fix Released
743669	XSS scripting vulnerability in kdelibs	kde4libs (Ubuntu Natty)	Medium	Invalid

Bug #757065: Tracking bug for SRU update of KDE to 4.5.5 in Maverick

		In	Importance	Status
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kde4libs (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdepimlibs (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdebindings (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	meta-kde (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdebase-workspace (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdegraphics (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdebase (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeedu (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeaccessibility (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeartwork (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeadmin (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdebase-runtime (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdegames (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdemultimedia (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdenetwork (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeplasma-addons (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdesdk (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdetoys (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdeutils (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	kdewebdev (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	oxygen-icons (Ubuntu)	Undecided	Fix Released
757065	Tracking bug for SRU update of KDE to 4.5.5 in Maverick	plasma-widget-yawp (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1094

Related bugs and status

Related bugs

References