[SECURITY] Fedora Core 1 Update: kdelibs-3.1.4-5

Than Ngo than at redhat.com
Mon May 17 16:24:02 UTC 2004



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-121
2004-05-17
---------------------------------------------------------------------

Name        : kdelibs
Version     : 3.1.4
Release     : 5
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------
Update Information:

iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that a similar vulnerability exists in KDE.

A flaw in the telnet URL handler can allow options to be passed to the
telnet program which can be used to allow file creation or overwriting.
An attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file in the victims home directory. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0411 to this issue.

---------------------------------------------------------------------
* Sun May 16 2004 Than Ngo <than at redhat.com> 6:3.1.4-5

- KDE Telnet URI Handler File Vulnerability, vulnerability in the mailto 
handler, CAN-2004-0411


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

17ef612d8376994d49d775e65f7cf3e2  SRPMS/kdelibs-3.1.4-5.src.rpm
67043b7db880bd1c5a6f6a860e357c3f  i386/kdelibs-3.1.4-5.i386.rpm
4d7004becf7fb55a35530c49e77c36b7  i386/kdelibs-devel-3.1.4-5.i386.rpm
d2ecc5a35193a30df1fa70bb382bc708  
i386/debug/kdelibs-debuginfo-3.1.4-5.i386.rpm
7b91158e81b7291826d5ba614179d706  x86_64/kdelibs-3.1.4-5.x86_64.rpm
6a213815b2584be92ec32da05a985cba  x86_64/kdelibs-devel-3.1.4-5.x86_64.rpm
b136d3d183e72666f6f56e6a507c10f3  
x86_64/debug/kdelibs-debuginfo-3.1.4-5.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------






More information about the announce mailing list