George Staikos

#37407 of 53,635
7.5 Total CVSS
Vulnerabilities · 1
PT-2002-1036
7.5
2002-11-27
Kde · Kdelibs · CVE-2003-0459
**Name of the Vulnerable Software and Affected Versions**

- kdelibs versions 2.2.2 through 3.0.5a
- kdebase versions 3.0.5a and earlier
- kdelibs-sound versions 2.2.2
- kdelibs-sound-devel version 2.2.2
- kdebase-devel version 3.0.5a
- kdelibs-devel versions 2.2.2 through 3.0.5a

**Description**

The issue concerns multiple vulnerabilities in various packages of the Red Hat Linux operating system, including kdelibs, kdebase, kdelibs-sound, kdelibs-sound-devel, kdebase-devel, and kdelibs-devel. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, KDE Konqueror for KDE 3.1.2 and earlier does not properly remove authentication credentials from URLs in the HTTP-Referer header, which could allow remote websites to steal these credentials.

**Recommendations**

- For kdelibs versions 2.2.2 through 3.0.5a, update to a version later than 3.0.5a to resolve the issue.
- For kdebase versions 3.0.5a and earlier, update to a version later than 3.0.5a to resolve the issue.
- For kdelibs-sound versions 2.2.2, update to a version later than 2.2.2 to resolve the issue.
- For kdelibs-sound-devel version 2.2.2, update to a version later than 2.2.2 to resolve the issue.
- For kdebase-devel version 3.0.5a, update to a version later than 3.0.5a to resolve the issue.
- For kdelibs-devel versions 2.2.2 through 3.0.5a, update to a version later than 3.0.5a to resolve the issue.

As a temporary workaround, consider restricting access to sensitive information and authentication credentials until a patch is available.