Slackware: 2004-014-01: kdepim Security Update
Summary
Here are the details from the Slackware 9.1 ChangeLog: Wed Jan 14 11:58:58 PST 2004 patches/packages/kdepim-3.1.4-i486-2.tgz: Recompiled with security patch post-3.1.4-kdepim-kfile-plugins.diff. From the KDE advisory: The KDE team has found a buffer overflow in the file information reader of VCF files. A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. By default, file information reading is disabled for remote files. However, if previews are enabled for remote files, remote attackers may be able to compromise the victim's account. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988 (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/kdepim-3.1.3-i386-2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/kdebase-3.1.3-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kdepim-3.1.4-i486-2.tgz Updated packages for Slackware -current: MD5 SIGNATURES: MD5 signatures may be downloaded from our FTP server: Slackware 9.0 packages: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5 To verify authenticity, this file has been signed with the Slackware GPG key (use 'gpg --verify'): ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/CHECKSUMS.md5.asc Slackware 9.1 packages: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5 ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/CHECKSUMS.md5.asc Slackware -current packages: ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5 ftp://ftp.slackware.com/pub/slackware/slackware-current/CHECKSUMS.md5.asc INSTALLATION INSTRUCTIONS: As root, upgrade the package(s) using upgradepkg: # upgradepkg *.tgz
Where Find New Packages
MD5 Signatures
Installation Instructions