Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)

The remote host is missing an update for the 'kdelibs4' package(s) announced via the referenced advisory.

Multiple vulnerabilities was discovered and corrected in kdelibs4: KDE KSSL in kdelibs does not properly handle a NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365). The updated packages have been patched to correct these issues.

kdelibs4 on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Please Install the Updated Packages.