Fedora Core 2 Update: kdelibs-3.2.2-6
Posted on: 05/19/2004 02:47 PM

A kdelib update has been released for Fedora Core 2

Fedora Update Notification

Name : kdelibs
Version : 3.2.2
Release : 6
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).

Update Information:

iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE.

A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0411 to this issue.

* Sun May 16 2004 Than Ngo than@redhat.com 6:3.2.2-6

- vulnerability in the mailto handler, CAN-2004-0411

* Fri May 14 2004 Than Ngo than@redhat.com 3.2.2-5

- KDE Telnet URI Handler File Vulnerability , CAN-2004-0411

This update can be downloaded from:

b271936a42f0370877996f52b25d7304 SRPMS/kdelibs-3.2.2-6.src.rpm
1f002c97bebde36e11f8ebaa8dd49ceb i386/kdelibs-3.2.2-6.i386.rpm
fcdb0589544dbc9d878dd99c890429a8 i386/kdelibs-devel-3.2.2-6.i386.rpm
b2174cd0c744138b24364cccfbf50847 x86_64/kdelibs-3.2.2-6.x86_64.rpm
795aa24e391b667a5b2fb79cb8d4230f x86_64/kdelibs-devel-3.2.2-6.x86_64.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/fedora_core_2_update_kdelibs_322_6.html)