drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von URIs in kdelibs (Fedora Core 2)
| Name: |
Mangelnde Prüfung von URIs in kdelibs (Fedora Core 2)
|
|
| ID: |
FEDORA-2004-122 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Keine Angabe |
|
| Datum: |
Do, 20. Mai 2004, 13:00 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411 |
|
| Applikationen: |
KDE Software Compilation |
|
Originalnachricht |
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-122
2004-05-19
---------------------------------------------------------------------
Name : kdelibs
Version : 3.2.2
Release : 6
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
---------------------------------------------------------------------
Update Information:
iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that a similar vulnerability exists in KDE.
A flaw in the telnet URL handler can allow options to be passed to the
telnet program which can be used to allow file creation or overwriting.
An attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file in the victims home directory. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0411 to this issue.
---------------------------------------------------------------------
* Sun May 16 2004 Than Ngo <than@redhat.com> 6:3.2.2-6
- vulnerability in the mailto handler, CAN-2004-0411
* Fri May 14 2004 Than Ngo <than@redhat.com> 3.2.2-5
- KDE Telnet URI Handler File Vulnerability , CAN-2004-0411
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
b271936a42f0370877996f52b25d7304 SRPMS/kdelibs-3.2.2-6.src.rpm
1f002c97bebde36e11f8ebaa8dd49ceb i386/kdelibs-3.2.2-6.i386.rpm
fcdb0589544dbc9d878dd99c890429a8 i386/kdelibs-devel-3.2.2-6.i386.rpm
853897fa6815cc47ae2bf92c3352847b
i386/debug/kdelibs-debuginfo-3.2.2-6.i386.rpm
b2174cd0c744138b24364cccfbf50847 x86_64/kdelibs-3.2.2-6.x86_64.rpm
795aa24e391b667a5b2fb79cb8d4230f x86_64/kdelibs-devel-3.2.2-6.x86_64.rpm
e95f633ef222198d8cbb8be067773fae
x86_64/debug/kdelibs-debuginfo-3.2.2-6.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
|
|
|
|
