Fedora Update Notification
FEDORA-2004-122
2004-05-19
---------------------------------------------------------------------

Name        : kdelibs
Version     : 3.2.2
Release     : 6
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------
Update Information:

iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that a similar vulnerability exists in KDE.

A flaw in the telnet URL handler can allow options to be passed to the
telnet program which can be used to allow file creation or overwriting.
An attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file in the victims home directory. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0411 to this issue.

---------------------------------------------------------------------
* Sun May 16 2004 Than Ngo <than@redhat.com> 6:3.2.2-6

- vulnerability in the mailto handler, CAN-2004-0411

* Fri May 14 2004 Than Ngo <than@redhat.com> 3.2.2-5

- KDE Telnet URI Handler File Vulnerability , CAN-2004-0411


---------------------------------------------------------------------
This update can be downloaded from:
   

b271936a42f0370877996f52b25d7304  SRPMS/kdelibs-3.2.2-6.src.rpm
1f002c97bebde36e11f8ebaa8dd49ceb  i386/kdelibs-3.2.2-6.i386.rpm
fcdb0589544dbc9d878dd99c890429a8  i386/kdelibs-devel-3.2.2-6.i386.rpm
853897fa6815cc47ae2bf92c3352847b  i386/debug/kdelibs-debuginfo-3.2.2-6.i386.rpm
b2174cd0c744138b24364cccfbf50847  x86_64/kdelibs-3.2.2-6.x86_64.rpm
795aa24e391b667a5b2fb79cb8d4230f  x86_64/kdelibs-devel-3.2.2-6.x86_64.rpm
e95f633ef222198d8cbb8be067773fae  x86_64/debug/kdelibs-debuginfo-3.2.2-6.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: 2: kdelibs Insufficient input sanitation

May 19, 2004
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory.

Summary

Libraries for the K Desktop Environment:

KDE Libraries included: kdecore (KDE core library), kdeui (user interface),

kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),

kspell (spelling checker), jscript (javascript), kab (addressbook),

kimgio (image manipulation).

Update Information:

iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE.

A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0411 to this issue.

* Sun May 16 2004 Than Ngo <than@redhat.com> 6:3.2.2-6

- vulnerability in the mailto handler, CAN-2004-0411

* Fri May 14 2004 Than Ngo <than@redhat.com> 3.2.2-5

- KDE Telnet URI Handler File Vulnerability , CAN-2004-0411


This update can be downloaded from:


b271936a42f0370877996f52b25d7304 SRPMS/kdelibs-3.2.2-6.src.rpm 1f002c97bebde36e11f8ebaa8dd49ceb i386/kdelibs-3.2.2-6.i3...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-122 2004-05-19 Name : kdelibs Version : 3.2.2 Release : 6 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).

Update Instructions

Severity
Name : kdelibs
Version : 3.2.2
Release : 6
Summary : K Desktop Environment - Libraries

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved