New security updates for Debian GNU/Linux and Red Hat Linux are available.
Debian GNU/Linux:
DSA-155-1 kdelibs -- privacy escalation with Konqueror
"Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse Konqueror users."
Read more
Red Hat Linux:
New kernel update available, fixes i810 video oops, several security issues
"Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits."
Read more
Debian GNU/Linux:
DSA-155-1 kdelibs -- privacy escalation with Konqueror
"Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse Konqueror users."
Read more
Red Hat Linux:
New kernel update available, fixes i810 video oops, several security issues
"Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits."
Read more