PT-2011-1143 · Kde+1 · Kdelibs+2

Published 2011-10-11 · Updated 2023-02-13 · CVE-2011-3365

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
kdelibs versions 3.3.1 through 3.5.4
kdelibs versions prior to 4.12.5-r1
KDE SC versions 4.6.0 through 4.7.1

Description
The issue allows remote attackers to exploit a vulnerability in the kdelibs package, potentially compromising the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely. The KDE SSL Wrapper (KSSL) API does not use a certain font when rendering certificate fields in a security dialog: field contents containing markup are interpreted as rich text rather than displayed literally, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

Recommendations
For kdelibs versions 3.3.1 through 3.5.4, update to a version outside of this range to mitigate the risk. For kdelibs versions prior to 4.12.5-r1, update to version 4.12.5-r1 or later to resolve the issue. For KDE SC versions 4.6.0 through 4.7.1, consider disabling the KSSL API until a patch is available. As a temporary workaround, restrict access to the vulnerable kdelibs package to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-07269
BDU:2015-07270
BDU:2015-07271
BDU:2015-07274
BDU:2015-07275
BDU:2015-08795
BDU:2015-08796
BDU:2015-08797
BDU:2015-08798
BDU:2015-08799
BDU:2015-09700
CVE-2011-3365
RHSA-2011:1364
RHSA-2011:1385
RHSA-2011_1364
RHSA-2011_1385

Affected Products

Kde Sc
Red Hat
Kdelibs